From 7dcc552c05955eba9bf05b6c932af42d8ef9e9d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Wed, 13 May 2026 18:30:30 +0200
Subject: [PATCH 1/9] chore: create phony target in makefiles

[no changelog]
---
 Makefile                                      | 25 +++++++++++++++++++
 ci/hardware_tests/tpmb/Makefile               |  2 ++
 common/protob/Makefile                        |  2 ++
 common/udev/dist/Makefile                     |  2 ++
 .../projects/bootloader/protob/pb/Makefile    |  2 ++
 crypto/Makefile                               |  2 ++
 legacy/bootloader/Makefile                    |  2 ++
 legacy/firmware/Makefile                      |  2 ++
 legacy/firmware/protob/Makefile               |  2 ++
 legacy/gen/Makefile                           |  2 ++
 legacy/intermediate_fw/Makefile               |  2 ++
 storage/tests/c/Makefile                      |  2 ++
 storage/tests/c0/Makefile                     |  2 ++
 storage/tests/c3/Makefile                     |  2 ++
 tests/fido_tests/u2f-tests-hid/Makefile       |  2 ++
 15 files changed, 53 insertions(+)

diff --git a/Makefile b/Makefile
index 8fb58f22a95..acb987cea89 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,28 @@
+.PHONY: help \
+	style_check style \
+	pystyle_check pystyle_quick_check pystyle \
+	changelog_check changelog_style \
+	translations_style translations_style_check \
+	yaml_check editor_check \
+	cstyle_check cstyle \
+	protostyle protostyle_check \
+	defs_check \
+	ruststyle ruststyle_check \
+	typecheck pyright \
+	mocks mocks_check \
+	templates templates_check \
+	solana_templates solana_templates_check \
+	icons icons_check \
+	protobuf protobuf_check \
+	docs_summary_check \
+	vendorheader vendorheader_check \
+	bootloader_hashes bootloader_hashes_check \
+	lsgen lsgen_check \
+	tropic_model_config tropic_model_config_check \
+	hsm_keys hsm_keys_check \
+	gen gen_check \
+	uvlock_check
+
 ## help commands:
 
 help: ## show this help
diff --git a/ci/hardware_tests/tpmb/Makefile b/ci/hardware_tests/tpmb/Makefile
index c8280fd0e7a..2262eff6261 100644
--- a/ci/hardware_tests/tpmb/Makefile
+++ b/ci/hardware_tests/tpmb/Makefile
@@ -1,3 +1,5 @@
+.PHONY: default compile
+
 default: compile
 
 compile:
diff --git a/common/protob/Makefile b/common/protob/Makefile
index 54b2173a9bf..2930289b60d 100644
--- a/common/protob/Makefile
+++ b/common/protob/Makefile
@@ -1,3 +1,5 @@
+.PHONY: check combine clean
+
 check: messages.pb messages-bitcoin.pb messages-ble.pb messages-bootloader.pb messages-cardano.pb messages-common.pb messages-crypto.pb messages-debug.pb messages-ethereum.pb messages-management.pb messages-monero.pb messages-nem.pb messages-ripple.pb messages-stellar.pb messages-tezos.pb messages-tron.pb messages-eos.pb messages-solana.pb messages-definitions.pb messages-telemetry.pb
 
 %.pb: %.proto
diff --git a/common/udev/dist/Makefile b/common/udev/dist/Makefile
index dff2eb29343..cc8bde3d94f 100644
--- a/common/udev/dist/Makefile
+++ b/common/udev/dist/Makefile
@@ -1,3 +1,5 @@
+.PHONY: all shell
+
 VOL_MOUNT = -v $(shell pwd):/release
 IMAGETAG  = trezor-udev-build-env
 
diff --git a/core/embed/projects/bootloader/protob/pb/Makefile b/core/embed/projects/bootloader/protob/pb/Makefile
index 056629fc341..b341147c901 100644
--- a/core/embed/projects/bootloader/protob/pb/Makefile
+++ b/core/embed/projects/bootloader/protob/pb/Makefile
@@ -1,3 +1,5 @@
+.PHONY: all clean
+
 all: messages.pb.c messages-debug.pb.c
 
 %.pb.c: %.pb %.options
diff --git a/crypto/Makefile b/crypto/Makefile
index c2257dd9251..b3fa5a909b5 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -1,3 +1,5 @@
+.PHONY: all tests tools fuzzer clean clean-fuzzer
+
 # CLANG_VERSION is empty if the compiler is not clang-based
 CLANG_VERSION = $(shell $(CC) --version | sed -nr 's/^.*clang version ([0-9.]+).*$$/\1/p')
 CLANG_VERSION_MAJOR = $(shell echo $(CLANG_VERSION) | cut -f1 -d.)
diff --git a/legacy/bootloader/Makefile b/legacy/bootloader/Makefile
index 7df46de9928..ee43a17df07 100644
--- a/legacy/bootloader/Makefile
+++ b/legacy/bootloader/Makefile
@@ -1,3 +1,5 @@
+.PHONY: all
+
 NAME  = bootloader-unaligned
 
 OBJS += startup.o
diff --git a/legacy/firmware/Makefile b/legacy/firmware/Makefile
index 26a659bad06..aff843f89cc 100644
--- a/legacy/firmware/Makefile
+++ b/legacy/firmware/Makefile
@@ -1,3 +1,5 @@
+.PHONY: clean
+
 APPVER = 1.8.0
 
 NAME  = trezor
diff --git a/legacy/firmware/protob/Makefile b/legacy/firmware/protob/Makefile
index 4e2080143b6..8c71be62d65 100644
--- a/legacy/firmware/protob/Makefile
+++ b/legacy/firmware/protob/Makefile
@@ -1,3 +1,5 @@
+.PHONY: all clean
+
 ifneq ($(V),1)
 Q := @
 endif
diff --git a/legacy/gen/Makefile b/legacy/gen/Makefile
index 4f0e930469a..328cc115874 100644
--- a/legacy/gen/Makefile
+++ b/legacy/gen/Makefile
@@ -1,3 +1,5 @@
+.PHONY: all clean
+
 CC=cc
 
 all: strwidth
diff --git a/legacy/intermediate_fw/Makefile b/legacy/intermediate_fw/Makefile
index 166ddbfb982..d2a03d7ee49 100644
--- a/legacy/intermediate_fw/Makefile
+++ b/legacy/intermediate_fw/Makefile
@@ -1,3 +1,5 @@
+.PHONY: clean flash_intermediate_fw openocd_reset
+
 APPVER = 1.8.0
 
 NAME  = trezor
diff --git a/storage/tests/c/Makefile b/storage/tests/c/Makefile
index b8cdc370988..15b3cb7c58f 100644
--- a/storage/tests/c/Makefile
+++ b/storage/tests/c/Makefile
@@ -1,3 +1,5 @@
+.PHONY: clean
+
 CC = cc
 
 CFLAGS = -Wall -Wshadow -Wextra -Wpedantic -Werror -Wno-missing-braces
diff --git a/storage/tests/c0/Makefile b/storage/tests/c0/Makefile
index e6375f19a7f..cc1393be906 100644
--- a/storage/tests/c0/Makefile
+++ b/storage/tests/c0/Makefile
@@ -1,3 +1,5 @@
+.PHONY: clean
+
 CC=cc
 CFLAGS=-Wall -fPIC
 LIBS=
diff --git a/storage/tests/c3/Makefile b/storage/tests/c3/Makefile
index b727fc20741..617d1ce809e 100644
--- a/storage/tests/c3/Makefile
+++ b/storage/tests/c3/Makefile
@@ -1,3 +1,5 @@
+.PHONY: clean
+
 CC = cc
 
 CFLAGS = -Wall -Wshadow -Wextra -Wpedantic -Werror -Wno-missing-braces
diff --git a/tests/fido_tests/u2f-tests-hid/Makefile b/tests/fido_tests/u2f-tests-hid/Makefile
index d705c2b9a7c..dbd9c7d4561 100644
--- a/tests/fido_tests/u2f-tests-hid/Makefile
+++ b/tests/fido_tests/u2f-tests-hid/Makefile
@@ -4,6 +4,8 @@
 # license that can be found in the LICENSE file or at
 # https://developers.google.com/open-source/licenses/bsd
 
+.PHONY: all clean
+
 all: HIDTest U2FTest
 
 CC ?= cc

From a2a95c9cbf59633f91819bc27fe111f90a73eb0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Tue, 12 May 2026 13:59:27 +0200
Subject: [PATCH 2/9] chore(core): replace `gen.sh` with
 `generate_certificates.py`

[no changelog]
---
 Makefile                                | 11 ++-
 core/embed/sec/optiga/unix/certs/T2B1.h |  9 ++-
 core/embed/sec/optiga/unix/certs/T3B1.h |  9 ++-
 core/embed/sec/optiga/unix/certs/T3T1.h |  9 ++-
 core/embed/sec/optiga/unix/certs/T3W1.h |  9 ++-
 core/embed/sec/optiga/unix/certs/gen.sh | 11 ---
 core/embed/sec/secret/unix/certs/T3W1.h | 11 ++-
 core/embed/sec/secret/unix/certs/gen.sh | 13 ----
 core/tools/generate_certificates.py     | 93 +++++++++++++++++++++++++
 9 files changed, 134 insertions(+), 41 deletions(-)
 delete mode 100755 core/embed/sec/optiga/unix/certs/gen.sh
 delete mode 100755 core/embed/sec/secret/unix/certs/gen.sh
 create mode 100755 core/tools/generate_certificates.py

diff --git a/Makefile b/Makefile
index acb987cea89..04010e88604 100644
--- a/Makefile
+++ b/Makefile
@@ -20,6 +20,7 @@
 	lsgen lsgen_check \
 	tropic_model_config tropic_model_config_check \
 	hsm_keys hsm_keys_check \
+	certs certs_check \
 	gen gen_check \
 	uvlock_check
 
@@ -224,9 +225,15 @@ hsm_keys:
 hsm_keys_check:
 	./core/tools/generate_hsm_keys.py --check
 
-gen:  templates mocks icons protobuf vendorheader solana_templates bootloader_hashes lsgen tropic_model_config hsm_keys ## regenerate auto-generated files from sources
+certs:
+	./core/tools/generate_certificates.py
 
-gen_check: templates_check mocks_check icons_check protobuf_check vendorheader_check solana_templates_check bootloader_hashes_check lsgen_check tropic_model_config_check hsm_keys_check ## check validity of auto-generated files
+certs_check:
+	./core/tools/generate_certificates.py --check
+
+gen:  templates mocks icons protobuf vendorheader solana_templates bootloader_hashes lsgen tropic_model_config hsm_keys certs ## regenerate auto-generated files from sources
+
+gen_check: templates_check mocks_check icons_check protobuf_check vendorheader_check solana_templates_check bootloader_hashes_check lsgen_check tropic_model_config_check hsm_keys_check certs_check ## check validity of auto-generated files
 
 uvlock_check: ## check that uv.lock is up to date
 	@echo [UVLOCK-CHECK]
diff --git a/core/embed/sec/optiga/unix/certs/T2B1.h b/core/embed/sec/optiga/unix/certs/T2B1.h
index 2380fb25d10..ae4e3d0c4d8 100644
--- a/core/embed/sec/optiga/unix/certs/T2B1.h
+++ b/core/embed/sec/optiga/unix/certs/T2B1.h
@@ -1,4 +1,6 @@
-// This file was generated via ./gen.sh
+// This file is auto-generated by `core/tools/generate_certificates.py`.
+// Do not edit this file directly. Instead, run `make gen` or `make certs`
+// in the root directory.
 
 static const unsigned char T2B1_der[] = {
     0x30, 0x82, 0x01, 0x9f, 0x30, 0x82, 0x01, 0x45, 0xa0, 0x03, 0x02, 0x01,
@@ -76,5 +78,6 @@ static const unsigned char T2B1_der[] = {
     0x4a, 0xd9, 0x02, 0x21, 0x00, 0x99, 0x00, 0x98, 0x1c, 0xbc, 0x68, 0xae,
     0xb0, 0x6d, 0x3e, 0xa9, 0x11, 0x94, 0x8d, 0x63, 0x11, 0xd6, 0xf6, 0x94,
     0x40, 0x3a, 0xbb, 0xbb, 0x65, 0x9e, 0x5a, 0xf5, 0x2b, 0xf3, 0x2e, 0x33,
-    0xc4};
-static const unsigned int T2B1_der_len = 901;
+    0xc4,
+};
+static const unsigned int T2B1_der_size = 901;
diff --git a/core/embed/sec/optiga/unix/certs/T3B1.h b/core/embed/sec/optiga/unix/certs/T3B1.h
index 775d44c1bb5..b2bf99b910d 100644
--- a/core/embed/sec/optiga/unix/certs/T3B1.h
+++ b/core/embed/sec/optiga/unix/certs/T3B1.h
@@ -1,4 +1,6 @@
-// This file was generated via ./gen.sh
+// This file is auto-generated by `core/tools/generate_certificates.py`.
+// Do not edit this file directly. Instead, run `make gen` or `make certs`
+// in the root directory.
 
 static const unsigned char T3B1_der[] = {
     0x30, 0x82, 0x01, 0xa3, 0x30, 0x82, 0x01, 0x49, 0xa0, 0x03, 0x02, 0x01,
@@ -76,5 +78,6 @@ static const unsigned char T3B1_der[] = {
     0xf2, 0x28, 0x74, 0xa4, 0x7c, 0x68, 0x33, 0x3a, 0x0f, 0xc7, 0x02, 0x20,
     0x01, 0x2a, 0x32, 0x12, 0xb9, 0x0c, 0x99, 0x6c, 0x8c, 0x8c, 0xa3, 0xfb,
     0x22, 0x0e, 0x6e, 0xf7, 0x4c, 0x80, 0x84, 0xf9, 0x56, 0x3f, 0x95, 0x86,
-    0xc9, 0xd5, 0xb5, 0xcb, 0xee, 0x67, 0x3a, 0x1c};
-static const unsigned int T3B1_der_len = 908;
+    0xc9, 0xd5, 0xb5, 0xcb, 0xee, 0x67, 0x3a, 0x1c,
+};
+static const unsigned int T3B1_der_size = 908;
diff --git a/core/embed/sec/optiga/unix/certs/T3T1.h b/core/embed/sec/optiga/unix/certs/T3T1.h
index bd1eb7a9e40..f452ba1068b 100644
--- a/core/embed/sec/optiga/unix/certs/T3T1.h
+++ b/core/embed/sec/optiga/unix/certs/T3T1.h
@@ -1,4 +1,6 @@
-// This file was generated via ./gen.sh
+// This file is auto-generated by `core/tools/generate_certificates.py`.
+// Do not edit this file directly. Instead, run `make gen` or `make certs`
+// in the root directory.
 
 static const unsigned char T3T1_der[] = {
     0x30, 0x82, 0x01, 0x9f, 0x30, 0x82, 0x01, 0x45, 0xa0, 0x03, 0x02, 0x01,
@@ -76,5 +78,6 @@ static const unsigned char T3T1_der[] = {
     0x7e, 0x08, 0x9e, 0x38, 0x61, 0x5c, 0x81, 0x02, 0x21, 0x00, 0xf8, 0x9b,
     0xee, 0x7e, 0xd4, 0x8f, 0x5d, 0x71, 0x2b, 0xff, 0x38, 0x5c, 0xa6, 0xd7,
     0x7a, 0xe3, 0xa4, 0x6e, 0x61, 0xcf, 0x62, 0xff, 0x2e, 0xff, 0x7d, 0x06,
-    0x9a, 0x23, 0x56, 0x4d, 0x4a, 0x27};
-static const unsigned int T3T1_der_len = 906;
+    0x9a, 0x23, 0x56, 0x4d, 0x4a, 0x27,
+};
+static const unsigned int T3T1_der_size = 906;
diff --git a/core/embed/sec/optiga/unix/certs/T3W1.h b/core/embed/sec/optiga/unix/certs/T3W1.h
index 73c1207139f..92441fd95bf 100644
--- a/core/embed/sec/optiga/unix/certs/T3W1.h
+++ b/core/embed/sec/optiga/unix/certs/T3W1.h
@@ -1,4 +1,6 @@
-// This file was generated via ./gen.sh
+// This file is auto-generated by `core/tools/generate_certificates.py`.
+// Do not edit this file directly. Instead, run `make gen` or `make certs`
+// in the root directory.
 
 static const unsigned char T3W1_der[] = {
     0x30, 0x82, 0x01, 0xa3, 0x30, 0x82, 0x01, 0x49, 0xa0, 0x03, 0x02, 0x01,
@@ -76,5 +78,6 @@ static const unsigned char T3W1_der[] = {
     0x75, 0x15, 0x38, 0x67, 0xbb, 0xed, 0x15, 0x6c, 0x70, 0x0f, 0x02, 0x21,
     0x00, 0xfe, 0x9a, 0x8d, 0x98, 0x6d, 0xe1, 0x36, 0x7e, 0xdd, 0x12, 0x3a,
     0x3a, 0x63, 0xfd, 0xc4, 0x16, 0x7e, 0x1d, 0xce, 0x97, 0x9d, 0xc5, 0x01,
-    0x93, 0x9f, 0xb7, 0x17, 0x23, 0xe7, 0xcf, 0x2f, 0x6f};
-static const unsigned int T3W1_der_len = 909;
+    0x93, 0x9f, 0xb7, 0x17, 0x23, 0xe7, 0xcf, 0x2f, 0x6f,
+};
+static const unsigned int T3W1_der_size = 909;
diff --git a/core/embed/sec/optiga/unix/certs/gen.sh b/core/embed/sec/optiga/unix/certs/gen.sh
deleted file mode 100755
index a27c6fdee20..00000000000
--- a/core/embed/sec/optiga/unix/certs/gen.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-cd "$(dirname "$0")"
-for file in *.der
-do
-    header_file="${file%.der}.h"
-    echo "// This file was generated via ./gen.sh" > "$header_file"
-    echo >> "$header_file"
-    xxd -i "$file" | sed 's/unsigned/static const unsigned/' >> "$header_file"
-    clang-format -i "$header_file"
-done
diff --git a/core/embed/sec/secret/unix/certs/T3W1.h b/core/embed/sec/secret/unix/certs/T3W1.h
index 352a44bf680..1987cde36b9 100644
--- a/core/embed/sec/secret/unix/certs/T3W1.h
+++ b/core/embed/sec/secret/unix/certs/T3W1.h
@@ -1,4 +1,9 @@
-// This file was generated via ./gen.sh
+// This file is auto-generated by `core/tools/generate_certificates.py`.
+// Do not edit this file directly. Instead, run `make gen` or `make certs`
+// in the root directory.
 
-static uint8_t mcu_device_cert[MCU_ATTESTATION_MAX_CERT_SIZE] = {0x30, 0x00};
-static size_t mcu_device_cert_size = 2;
+static unsigned char mcu_device_cert[] = {
+    0x30,
+    0x00,
+};
+static unsigned int mcu_device_cert_size = 2;
diff --git a/core/embed/sec/secret/unix/certs/gen.sh b/core/embed/sec/secret/unix/certs/gen.sh
deleted file mode 100755
index 0f8486ca0bd..00000000000
--- a/core/embed/sec/secret/unix/certs/gen.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-cd "$(dirname "$0")"
-for file in *.der
-do
-    header_file="${file%.der}.h"
-    echo "// This file was generated via ./gen.sh" > "$header_file"
-    echo >> "$header_file"
-    xxd -i "$file" | sed '
-        s/unsigned.*_der\[\]/static uint8_t mcu_device_cert\[MCU_ATTESTATION_MAX_CERT_SIZE\]/;
-	s/unsigned.*_len/static size_t mcu_device_cert_size/' >> "$header_file"
-    clang-format -i "$header_file"
-done
diff --git a/core/tools/generate_certificates.py b/core/tools/generate_certificates.py
new file mode 100755
index 00000000000..3b83d1be6a4
--- /dev/null
+++ b/core/tools/generate_certificates.py
@@ -0,0 +1,93 @@
+#!/usr/bin/env python3
+
+from pathlib import Path
+
+import click
+
+ROOT = Path(__file__).resolve().parent.parent.parent
+OPTIGA_CERTS_DIR = ROOT / "core/embed/sec/optiga/unix/certs"
+SECRET_CERTS_DIR = ROOT / "core/embed/sec/secret/unix/certs"
+
+COMMENT = f"""// This file is auto-generated by `{Path(__file__).relative_to(ROOT)}`.
+// Do not edit this file directly. Instead, run `make gen` or `make certs`
+// in the root directory."""
+
+
+def create_array_lines(data: bytes) -> list[str]:
+    chunks = [data[i : i + 12] for i in range(0, len(data), 12)]
+    return ["    " + ", ".join(f"0x{b:02x}" for b in chunk) + "," for chunk in chunks]
+
+
+def der_to_header(data: bytes, variable_name: str, use_const: bool) -> str:
+    qualifiers = "static const" if use_const else "static"
+    lines = [
+        COMMENT,
+        "",
+        f"{qualifiers} unsigned char {variable_name}[] = {{",
+        *create_array_lines(data),
+        "};",
+        f"{qualifiers} unsigned int {variable_name}_size = {len(data)};",
+    ]
+
+    return "\n".join(lines) + "\n"
+
+
+def process_cert(
+    der_path: Path, header_path: Path, variable_name: str, use_const: bool, check: bool
+) -> None:
+    content = der_to_header(der_path.read_bytes(), variable_name, use_const)
+    if check:
+        if not header_path.exists():
+            raise click.ClickException(f"{header_path} is missing")
+        if header_path.read_text() != content:
+            raise click.ClickException(f"{header_path} is out of date")
+    else:
+        header_path.write_text(content)
+        print(f"Generated {header_path}")
+
+
+@click.command()
+@click.option("--check", is_flag=True)
+def generate(check: bool) -> None:
+    process_cert(
+        OPTIGA_CERTS_DIR / "T2B1.der",
+        OPTIGA_CERTS_DIR / "T2B1.h",
+        "T2B1_der",
+        True,
+        check,
+    )
+    process_cert(
+        OPTIGA_CERTS_DIR / "T3B1.der",
+        OPTIGA_CERTS_DIR / "T3B1.h",
+        "T3B1_der",
+        True,
+        check,
+    )
+    process_cert(
+        OPTIGA_CERTS_DIR / "T3T1.der",
+        OPTIGA_CERTS_DIR / "T3T1.h",
+        "T3T1_der",
+        True,
+        check,
+    )
+    process_cert(
+        OPTIGA_CERTS_DIR / "T3W1.der",
+        OPTIGA_CERTS_DIR / "T3W1.h",
+        "T3W1_der",
+        True,
+        check,
+    )
+    process_cert(
+        SECRET_CERTS_DIR / "T3W1.der",
+        SECRET_CERTS_DIR / "T3W1.h",
+        "mcu_device_cert",
+        False,
+        check,
+    )
+
+    if check:
+        print("All files are up to date.")
+
+
+if __name__ == "__main__":
+    generate()

From fa2b6cb5a30be265532e90db4247e5a1430fa6fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Tue, 12 May 2026 16:05:27 +0200
Subject: [PATCH 3/9] fix(core): disable writing MCU attestation certificate in
 firmware

[no changelog]
---
 core/embed/sec/secret/unix/secret.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/core/embed/sec/secret/unix/secret.c b/core/embed/sec/secret/unix/secret.c
index ad6e1d586f8..51423b682f1 100644
--- a/core/embed/sec/secret/unix/secret.c
+++ b/core/embed/sec/secret/unix/secret.c
@@ -206,12 +206,18 @@ void secret_bhk_regenerate(void) {}
 #endif
 
 secbool secret_mcu_device_cert_write(const uint8_t* cert, size_t cert_size) {
+#ifdef TREZOR_PRODTEST
   if (cert_size > MCU_ATTESTATION_MAX_CERT_SIZE) {
     return secfalse;
   }
   memcpy(mcu_device_cert, cert, cert_size);
   mcu_device_cert_size = cert_size;
   return sectrue;
+#else
+  (void)cert;
+  (void)cert_size;
+  return secfalse;
+#endif
 }
 
 secbool secret_mcu_device_cert_size(size_t* cert_size) {

From ef3df021d6395dfd9443b7df26da773651136c3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Tue, 12 May 2026 16:28:15 +0200
Subject: [PATCH 4/9] feat(core): use empty MCU attestation certificate in
 prodtest

[no changelog]
---
 core/embed/sec/secret/unix/certs/prodtest.h | 2 ++
 core/embed/sec/secret/unix/secret.c         | 4 ++++
 2 files changed, 6 insertions(+)
 create mode 100644 core/embed/sec/secret/unix/certs/prodtest.h

diff --git a/core/embed/sec/secret/unix/certs/prodtest.h b/core/embed/sec/secret/unix/certs/prodtest.h
new file mode 100644
index 00000000000..3eed7b4e78a
--- /dev/null
+++ b/core/embed/sec/secret/unix/certs/prodtest.h
@@ -0,0 +1,2 @@
+static unsigned char mcu_device_cert[MCU_ATTESTATION_MAX_CERT_SIZE] = {0};
+static unsigned int mcu_device_cert_size = 0;
diff --git a/core/embed/sec/secret/unix/secret.c b/core/embed/sec/secret/unix/secret.c
index 51423b682f1..2d78e5281be 100644
--- a/core/embed/sec/secret/unix/secret.c
+++ b/core/embed/sec/secret/unix/secret.c
@@ -199,11 +199,15 @@ void secret_bhk_regenerate(void) {}
 
 #include <sec/mcu_attestation.h>
 
+#ifdef TREZOR_PRODTEST
+#include "certs/prodtest.h"
+#else
 #if defined(TREZOR_MODEL_T3W1)
 #include "certs/T3W1.h"
 #else
 #error "MCU attestation is only supported for T3W1 model."
 #endif
+#endif
 
 secbool secret_mcu_device_cert_write(const uint8_t* cert, size_t cert_size) {
 #ifdef TREZOR_PRODTEST

From a6f5ac9bfacb00a3c8fb8ca34058a09e280179c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Wed, 13 May 2026 14:08:02 +0200
Subject: [PATCH 5/9] feat(core/prodtest): enable writing MCU attestation
 certificate

[no changelog]
---
 .../projects/prodtest/cmd/prodtest_secrets.c     | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/core/embed/projects/prodtest/cmd/prodtest_secrets.c b/core/embed/projects/prodtest/cmd/prodtest_secrets.c
index ac7007e2ae6..a7b723efefb 100644
--- a/core/embed/projects/prodtest/cmd/prodtest_secrets.c
+++ b/core/embed/projects/prodtest/cmd/prodtest_secrets.c
@@ -206,7 +206,6 @@ static void prodtest_secrets_get_mcu_device_key(cli_t* cli) {
   memzero(mcu_private, sizeof(mcu_private));
 }
 
-#ifndef TREZOR_EMULATOR
 static bool check_device_cert_chain(cli_t* cli, const uint8_t* chain,
                                     size_t chain_size) {
   bool ret = false;
@@ -253,7 +252,6 @@ static bool check_device_cert_chain(cli_t* cli, const uint8_t* chain,
   memzero(rnd, sizeof(rnd));
   return ret;
 }
-#endif  // TREZOR_EMULATOR
 
 static void prodtest_secrets_certdev_write(cli_t* cli) {
   if (cli_arg_count(cli) != 1) {
@@ -261,9 +259,6 @@ static void prodtest_secrets_certdev_write(cli_t* cli) {
     return;
   }
 
-#ifdef TREZOR_EMULATOR
-  cli_error(cli, CLI_ERROR, "Not implemented");
-#else
   size_t certificate_length = 0;
   uint8_t certificate[MCU_ATTESTATION_MAX_CERT_SIZE] = {0};
   if (!cli_arg_hex(cli, "hex-data", certificate, sizeof(certificate),
@@ -287,8 +282,13 @@ static void prodtest_secrets_certdev_write(cli_t* cli) {
     return;
   }
 
-  cli_ok(cli, "");
+#ifdef TREZOR_EMULATOR
+  cli_trace(cli,
+            "The certificate is not persistent, it will be wiped after "
+            "reboot");
 #endif  // TREZOR_EMULATOR
+
+  cli_ok(cli, "");
 }
 
 static void prodtest_secrets_certdev_read(cli_t* cli) {
@@ -297,9 +297,6 @@ static void prodtest_secrets_certdev_read(cli_t* cli) {
     return;
   }
 
-#ifdef TREZOR_EMULATOR
-  cli_error(cli, CLI_ERROR, "Not implemented");
-#else
   uint8_t certificate[MCU_ATTESTATION_MAX_CERT_SIZE] = {0};
   size_t certificate_length = 0;
 
@@ -310,7 +307,6 @@ static void prodtest_secrets_certdev_read(cli_t* cli) {
   }
 
   cli_ok_hexdata(cli, certificate, certificate_length);
-#endif  // TREZOR_EMULATOR
 }
 #endif  // USE_MCU_ATTESTATION
 

From 074efa63f3e2f4e4799d7126f38727280fea38ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Wed, 13 May 2026 17:37:09 +0200
Subject: [PATCH 6/9] chore: add debug root ed25519 key

[no changelog]
---
 common/hsm_keys.json                        | 1 +
 core/embed/projects/prodtest/cmd/hsm_keys.h | 5 +++++
 python/src/trezorlib/_root_keys.py          | 2 ++
 tests/device_tests/certificate.py           | 3 ++-
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/common/hsm_keys.json b/common/hsm_keys.json
index 1f8eb243a94..cd1fef866c1 100644
--- a/common/hsm_keys.json
+++ b/common/hsm_keys.json
@@ -26,6 +26,7 @@
       "DEV_AUTH_ROOT_PROD_BACKUP_MLDSA44": "fedf8b0c16164b9cec427882aa03d3bd6a1588cfbaebaf93cf2fc52f275417777433a938dcd6516345148f728c935a40ef3b6c41fd3ed831fea13774bd39887da8b06e2e671cc32a1c72e44a13d1cd985dc2ddcb63e457bbd29d38186ddb776b8e73b645c8bf616309f890d175538a9d10c82e595dea03f70564ff69b53497ecefd51fd8320041d9b1092386033ed37a93dd9b4b9da1297f808eac21020b8dc4747e01854ebdc407a04fc18b2758720125acb41f0c60e16cd53707a65392feed06c9fcc28a3e738dbc91614e89e5d535274c6b226d83f335a0dd088755571cf62496ca4642ec8e65eba8be2b8cec46416c6a3ad4be10569ac532e02d6e06b6ce0c0d4b7a99a11c910f9f0631b0cd72e20637237eeff723e722f7aa626732434c47843a099739e96e31267d8d6905d8b2b712a5a69d9343a3c1e07afb414b73950f4b1df196243005fb61c6200ef346826d6c0f4cc8ede052ed48235997bb366dade4483bfc11fe65fd0c5539e89d8bd271e54e30da6e5192a0f343dea3806aa798d12d62251a063d071ba67c35d3a26e582c2d361cf2d0fc36fb1b5a46e469669338b1c1744bdfe365700a6a1c641ab2b7906e2b7c0c0a9af8862ab5751a678e3e0156847ff6093ca7ebd48dd8b1d6f7736c2039e705c1e20f42ed5cac6db3dc7a7e2facbb75411e7fb8a156df52a2926afa9070937cde4dd4bd456294ba59bdcf123f11dcda267d475721abfecab1b31848a27236aa751e5b55015f033d87fb9cf5c086e09f1667cf7ec2e72436c907c5763690d698fffa997709bb89526cae772bb962c06ed1b89d418835672b85e1a1b2e3c55f4e607ecad09bdb3a18224b9805659aa2ecf0b62dbf6265e27d4101450edb590d52d525b62b1114dad2eb06c951a2c77c7ecfbf5f1f6fe285f39727958ce0b5cfe8fd465420c270309999e6694ee31fcb7d6480a75d0d72558cd6a050b8d11a9a6d7736700027fbe14b48949b7e1af2ca148ad4e4b4b93e9575a4119afd1b57c250606d5a4e258c2393c104d651995b1e75887f492ff05e92e1630332f176d86a0453b412d0869d98d6ab27377a74766e3cadde29c1853e6398a9edfa48c0d14e7c148b048f1bf25d11979e94878cb86eaf1e55638c1b39e0ac5254a009bf957f4b624796753c3451246e5a7b9022926aa77b7a1b4ae7d25f776d4395ba98a37d9e21b221da29564e50a669056650a40489386e8909c6ca21d369c3495c44b2f71373a392c9fa89c9085f467d24d6219fcdd2b56126792eb6a14269c4264a56926b1a7d9a1c03d9649d157f938abfdc2a56c20795065774838030da41a4c6178919cc1c6c88de1458d9baa1e51a4a1994e6d5cc94b049b15c235c5cf46d2cf23f09d565c5a5497ef0b3a5fbc8d1be8ed78f3794c49d4936139b0419faaffc52b55cb91f6e1bafacd55523c0b7eec56d98e4228cd0f9d00bc9866dac71e43db2b2cf311999d7bc3a49219836f558cbb5d8faa79e83079c6ce92288aae852553b655ef6bc87fbb25ca3ab482aecaf0a86eecc92341906cc89d234087f5abd6d2100a60d361d516d460d436b46706ad44b8b4ef3fe54ea198ffc2cf8c8e144ec62c4ce86ed5d181283fc17c926668ca4e0b8683e0c7bc662a54ea7f4c830365ad1cdea58abee9a726168ce9870729972884ecfe5baf06f1ee664aa422e26f9f76e20908d72e78c1a2dcd94fe1c07573d7706d7bdc07d0b41498c0d52ec3a90d6e7c0fcef597a884fb2caba29c2279569a1e64dd6c7ed4b312d2197b6391407899b25d21cefd1408eca42204f76cb0436f44c0a9c2e1eca19df8d93255c0da6469dc47da883e186387f76011cc8",
       "DEV_AUTH_ROOT_DEBUG_P256": "04521192e173a9da4e3023f747d836563725372681eba3079c56ff11b2fc137ab189eb4155f371127651b5594f8c332fc1e9c0f3b80d4212822668b63189706578",
       "DEV_AUTH_ROOT_STAGING_P256": "0465e88f9b2cea67e8364f0cfcfacd500af24e9040b357beee629ccc4fce1704d1a7ef7284f387708f92ef14600e2caad6894016fee819d623b95d66210c3e7519",
+      "DEV_AUTH_ROOT_DEBUG_ED25519": "70d67d085ca885a3a1d850c5dfec3a7ae53d9e0a7fe43b6e78d3a7da0b5c0484",
       "DEV_AUTH_ROOT_STAGING_ED25519": "cd318dc8405ae4f4144e3284dcb7b0cb0f0c2195c2ca14a0f6fccd9104e32a4b",
       "DEV_AUTH_ROOT_STAGING_MLDSA44": "1f3e5edad45fc6980dbfd597ed17b77e4d4ad1b1ec4804e04dc061cc2cfe77bc96fbc93f698f1fe00c47177c8150276dab86cbf407add7527deb09b65a6623ef581422292d77744be64f4401ca65b9bd027e32a76f307413b086869eccbcfc5e8823be8e0b3897727bca568feeff62957cd1e261e4aab67271725d240c7e7d2a20a5c201699be83d6c6a57fdfc09ac9b6b599e2a14a50e421d246d1d1df805db0b25534e500fed76fa89975a4270e274a9fa72b528e47d999abdeca5e08e51d447ae4019f699088d485bb52d5eec7a8c725cd34ff955c16437877a131f068438b5699c2285000463e24c633b023cde279be015db2f8b16de07fa82ee9adcbf868b898e25eeef5d60d03e1da874aca6f2089b1e7c72d7b532d3a27e38936d53c0080f9908b6727b13fe961ec8b08004f077b9cce95b5eee9b44d351e79eb222aba1bc18895d36cf4843ffcdfc735e1b66f3e72db5aaf8b5ecf56dbf0d616cf53d192a60e61ad3c51a595213100fd00835434a28aab3eb5949d3405de5db1a586bd6e937444913e9f1d4c00247acd49a2ed9953636e5d74417b4c7144c6c22fd8f7e25cb6cf6c8510de6915b74c95a28c197152208096d0249b86150e807978ca985c110d07b7d0a24434039f6ef12a69d3e073af6ae44e7c4606a354a3e953bdcff10c8dc68b807f41ac563ff0d7141c328b34152a25a16e9cb8228f7707356d2d7f3caa8d778a85e3b66242c124281c0f3201ad28596b868db138149eb98b821dcaaf86b5e11c2ac1161975bf0b2ecefc111b7b7401ce261911526618044d126eeee885efe51be0e32e93aaaffe34899df5b10df7c5a9c54c5b4704671640a92e8631f0d401f44c2238b5f9a37499b3d83c1c60096f2b48c3081dd9769db325c1cd1ffe84bfd8a80dde3cd650c49e14af3ab6c317ee74bd39e976ff5b7ad490e80f3eff9edf3b3855070a5a06fbe9cbca54f521e3d74cf13a4d116e23e531a7c70232c044b7e7d02467afe2a40def14298688eced5d3d87a102d31d7cd5409918ced4bab190505df48f451deea1c29168246d621529f0346eaab0e2302f3ce206dd84837704b8bdedbadea5b5822cdecbfdb180cde14e62ee26a929f0a37a99bacfe237376a3e6c289b06b8e93ed9d1435e3ee6399ab1a06d4f70097f80e26fe6f60b27a68104f6333b8db1bc78e12d54647b23feb0f11ae070f3a6be9d9f4d89a6b5ef8595d010d410e72138cfcbd5e41cca1df33ddad657b699cf4d3dc602888e5aaa0a7a2325ba4a36d7de49c591d8e355fd1de644d772bf2a060093743388dbe5d30a2d97304abc17c547bd65276291d6aa7b0723703733239fabef39c2de47071d50074e68fbe71c88f75d4510bb5f6bc244b3e7b219eb89fe5f148459a2d693cd3fac32aa069cbdd4e27c9778096f6805bf6df9aec9671f0a58b28704f74775e81ac46826c1c4709b0e0989d6e8e73bd1795ce85d85c14ad2997cd2810272a5682e7ed9aa7a092708c0f4bc67f68d317d406a96ddd2842ea22cbf3410cd7a77005b61115b794894cf9d10ebb4f5552bec8c21d90ba97d6139d5261d7f51f4009c3618f9feb22cc929ade204eca7c0f813409ceb88a13512f85e03948314ba9c4488aafda88ce447a0e052a6a605e32d04a20e2e52c41f371247963f24fc28c5cc1ddd8fe1681a2a293daf2688e9b026303a76cc60f40290c4d823efb85f36cb5e092369cc20515a8077e7702ed54ca1565d37b83184ee46c4a6adf2840f5a5fb002db70690bbf93888e685fdd1f9ea211b42693e0bd5ba5235a6ea1b714774d13279d7db3440f7fbced53f203ce6500555bcb9251e6f36d3352326501c"
     }
diff --git a/core/embed/projects/prodtest/cmd/hsm_keys.h b/core/embed/projects/prodtest/cmd/hsm_keys.h
index 697cf492d52..1bdb8346cd3 100644
--- a/core/embed/projects/prodtest/cmd/hsm_keys.h
+++ b/core/embed/projects/prodtest/cmd/hsm_keys.h
@@ -358,6 +358,11 @@
       0x60, 0x0e, 0x2c, 0xaa, 0xd6, 0x89, 0x40, 0x16, 0xfe, 0xe8, 0x19, \
       0xd6, 0x23, 0xb9, 0x5d, 0x66, 0x21, 0x0c, 0x3e, 0x75, 0x19}
 
+#define DEV_AUTH_ROOT_DEBUG_ED25519                                  \
+  {0x70, 0xd6, 0x7d, 0x08, 0x5c, 0xa8, 0x85, 0xa3, 0xa1, 0xd8, 0x50, \
+   0xc5, 0xdf, 0xec, 0x3a, 0x7a, 0xe5, 0x3d, 0x9e, 0x0a, 0x7f, 0xe4, \
+   0x3b, 0x6e, 0x78, 0xd3, 0xa7, 0xda, 0x0b, 0x5c, 0x04, 0x84}
+
 #define DEV_AUTH_ROOT_STAGING_ED25519                                \
   {0xcd, 0x31, 0x8d, 0xc8, 0x40, 0x5a, 0xe4, 0xf4, 0x14, 0x4e, 0x32, \
    0x84, 0xdc, 0xb7, 0xb0, 0xcb, 0x0f, 0x0c, 0x21, 0x95, 0xc2, 0xca, \
diff --git a/python/src/trezorlib/_root_keys.py b/python/src/trezorlib/_root_keys.py
index 3f031ca0c5f..3d7ecb71944 100644
--- a/python/src/trezorlib/_root_keys.py
+++ b/python/src/trezorlib/_root_keys.py
@@ -47,6 +47,8 @@
 
 T3W1_DEV_AUTH_ROOT_STAGING_P256_HEX = "0465e88f9b2cea67e8364f0cfcfacd500af24e9040b357beee629ccc4fce1704d1a7ef7284f387708f92ef14600e2caad6894016fee819d623b95d66210c3e7519"
 
+T3W1_DEV_AUTH_ROOT_DEBUG_ED25519_HEX = "70d67d085ca885a3a1d850c5dfec3a7ae53d9e0a7fe43b6e78d3a7da0b5c0484"
+
 T3W1_DEV_AUTH_ROOT_STAGING_ED25519_HEX = "cd318dc8405ae4f4144e3284dcb7b0cb0f0c2195c2ca14a0f6fccd9104e32a4b"
 
 T3W1_DEV_AUTH_ROOT_STAGING_MLDSA44_HEX = "1f3e5edad45fc6980dbfd597ed17b77e4d4ad1b1ec4804e04dc061cc2cfe77bc96fbc93f698f1fe00c47177c8150276dab86cbf407add7527deb09b65a6623ef581422292d77744be64f4401ca65b9bd027e32a76f307413b086869eccbcfc5e8823be8e0b3897727bca568feeff62957cd1e261e4aab67271725d240c7e7d2a20a5c201699be83d6c6a57fdfc09ac9b6b599e2a14a50e421d246d1d1df805db0b25534e500fed76fa89975a4270e274a9fa72b528e47d999abdeca5e08e51d447ae4019f699088d485bb52d5eec7a8c725cd34ff955c16437877a131f068438b5699c2285000463e24c633b023cde279be015db2f8b16de07fa82ee9adcbf868b898e25eeef5d60d03e1da874aca6f2089b1e7c72d7b532d3a27e38936d53c0080f9908b6727b13fe961ec8b08004f077b9cce95b5eee9b44d351e79eb222aba1bc18895d36cf4843ffcdfc735e1b66f3e72db5aaf8b5ecf56dbf0d616cf53d192a60e61ad3c51a595213100fd00835434a28aab3eb5949d3405de5db1a586bd6e937444913e9f1d4c00247acd49a2ed9953636e5d74417b4c7144c6c22fd8f7e25cb6cf6c8510de6915b74c95a28c197152208096d0249b86150e807978ca985c110d07b7d0a24434039f6ef12a69d3e073af6ae44e7c4606a354a3e953bdcff10c8dc68b807f41ac563ff0d7141c328b34152a25a16e9cb8228f7707356d2d7f3caa8d778a85e3b66242c124281c0f3201ad28596b868db138149eb98b821dcaaf86b5e11c2ac1161975bf0b2ecefc111b7b7401ce261911526618044d126eeee885efe51be0e32e93aaaffe34899df5b10df7c5a9c54c5b4704671640a92e8631f0d401f44c2238b5f9a37499b3d83c1c60096f2b48c3081dd9769db325c1cd1ffe84bfd8a80dde3cd650c49e14af3ab6c317ee74bd39e976ff5b7ad490e80f3eff9edf3b3855070a5a06fbe9cbca54f521e3d74cf13a4d116e23e531a7c70232c044b7e7d02467afe2a40def14298688eced5d3d87a102d31d7cd5409918ced4bab190505df48f451deea1c29168246d621529f0346eaab0e2302f3ce206dd84837704b8bdedbadea5b5822cdecbfdb180cde14e62ee26a929f0a37a99bacfe237376a3e6c289b06b8e93ed9d1435e3ee6399ab1a06d4f70097f80e26fe6f60b27a68104f6333b8db1bc78e12d54647b23feb0f11ae070f3a6be9d9f4d89a6b5ef8595d010d410e72138cfcbd5e41cca1df33ddad657b699cf4d3dc602888e5aaa0a7a2325ba4a36d7de49c591d8e355fd1de644d772bf2a060093743388dbe5d30a2d97304abc17c547bd65276291d6aa7b0723703733239fabef39c2de47071d50074e68fbe71c88f75d4510bb5f6bc244b3e7b219eb89fe5f148459a2d693cd3fac32aa069cbdd4e27c9778096f6805bf6df9aec9671f0a58b28704f74775e81ac46826c1c4709b0e0989d6e8e73bd1795ce85d85c14ad2997cd2810272a5682e7ed9aa7a092708c0f4bc67f68d317d406a96ddd2842ea22cbf3410cd7a77005b61115b794894cf9d10ebb4f5552bec8c21d90ba97d6139d5261d7f51f4009c3618f9feb22cc929ade204eca7c0f813409ceb88a13512f85e03948314ba9c4488aafda88ce447a0e052a6a605e32d04a20e2e52c41f371247963f24fc28c5cc1ddd8fe1681a2a293daf2688e9b026303a76cc60f40290c4d823efb85f36cb5e092369cc20515a8077e7702ed54ca1565d37b83184ee46c4a6adf2840f5a5fb002db70690bbf93888e685fdd1f9ea211b42693e0bd5ba5235a6ea1b714774d13279d7db3440f7fbced53f203ce6500555bcb9251e6f36d3352326501c"
diff --git a/tests/device_tests/certificate.py b/tests/device_tests/certificate.py
index 88737661597..f434d505c03 100644
--- a/tests/device_tests/certificate.py
+++ b/tests/device_tests/certificate.py
@@ -25,7 +25,8 @@
 
 TROPIC_ROOT_PUBLIC_KEY = {
     models.T3W1: bytes.fromhex(
-        "1ab1c5f12f4570e0de5c16a8d9feea381f53c8d813feeb0eb2fb7f393f2b6b5f"
+        # This is `DEV_AUTH_ROOT_DEBUG_ED25519` from `hsm_keys.json`
+        "70d67d085ca885a3a1d850c5dfec3a7ae53d9e0a7fe43b6e78d3a7da0b5c0484"
     ),
 }
 

From 2e63c839f1b8c38870dd3f313a14e0bd506b7272 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Tue, 12 May 2026 18:06:09 +0200
Subject: [PATCH 7/9] chore: add debug root ML-DSA key

[no changelog]
---
 common/hsm_keys.json                        |   1 +
 core/embed/projects/prodtest/cmd/hsm_keys.h | 113 ++++++++++++++++++++
 python/src/trezorlib/_root_keys.py          |   2 +
 3 files changed, 116 insertions(+)

diff --git a/common/hsm_keys.json b/common/hsm_keys.json
index cd1fef866c1..dd6087d12bc 100644
--- a/common/hsm_keys.json
+++ b/common/hsm_keys.json
@@ -28,6 +28,7 @@
       "DEV_AUTH_ROOT_STAGING_P256": "0465e88f9b2cea67e8364f0cfcfacd500af24e9040b357beee629ccc4fce1704d1a7ef7284f387708f92ef14600e2caad6894016fee819d623b95d66210c3e7519",
       "DEV_AUTH_ROOT_DEBUG_ED25519": "70d67d085ca885a3a1d850c5dfec3a7ae53d9e0a7fe43b6e78d3a7da0b5c0484",
       "DEV_AUTH_ROOT_STAGING_ED25519": "cd318dc8405ae4f4144e3284dcb7b0cb0f0c2195c2ca14a0f6fccd9104e32a4b",
+      "DEV_AUTH_ROOT_DEBUG_MLDSA44": "61f55aab34281075da5440809d050570777666b5253715f26b1c0f092410953b2e6ca3deba7ec51f35201019eeaedd2e121177a9a3cb90319d431ef422ea7b28dfcdbb09686f7103e5ad6604c0e988cd48e199312106f80d7cf3a65a8bb47cce171442eb98a9c361181418db7ba3d315a4dd4b305f8b5ae4af33828ad53770246dacff8d5061a3df3569e79112063d054abd9d2e67443b7183e5b2078be23c6cd5a53db1a318778176cd61e6e0d90fd06d6012d258c0b968956ddf39d198e373b6b588dd6470eb33425f734f739ca5b2716da2a2116a90dedff18d311052ee366981661b679682069a639824a1acf80efcc98aace2b03491e3bd4a973ddfbf36921cc3e65e5fecbe924fc3936534a145c7dbfaa07854637e53a328a342691ba2fa602bc84759992c2177f299e9cc2e9fed1b1fcd95a1fb20b9b7081f8949177ede03b03890f6cf234a0a8947754e3811460e4c0d096d57da3f433d14de41e662700f0b07940cca64a8b083f714bf5da74105fd536c379925c7fa5d559bb2d77ffdd2e41cd7db3a13cb68f849e2214ce3f0c3dbec66059b7973dc87012065f34fa0b3a66627526da319ffe4577433b6cb95ac932d119cb4b3d8dd718e96763dbd0e99052b8da8d74f19b1a355e9babb6a1e5639da18396b0b21023a6d29b354681801c62a20272460337ce3d5ebcf2ab07d248eb6e7cb2cc3e64fdc5f7c414e42fe3748dbf9a2b8fdb02e7c5ae6cac416fb9016f03905e24d59fe41793768f5af7411659d393abfced35763c2e69fe9c3114af3a4d90ed953e88eff7b0684fdcaddcea277dac68629adf27911c2565741eebd3413dceab3909c04c327e991f63dde2315e5297af2e7e598e238ef09ca86f6b748753412718ef0f6f77065747771b9e1f4e1f46acea36d298865bde8b7aece61378d6a79942417201bb3b6ce3ae81bc838a40ebb8759fedb7cfa0f05acc62e365a2f74262944ba8e097bfa7bfd68800923628f9bd02293bdc4935a392787fb893d08134729461e74c6718752a69b83788911b99e327aadb1ff57fc6b506ccd832372f94bf0c7f06add3cb337d232494413a82874687e9476da4687c7ff7a8c587d33b63a595ba8e42655046d8f880e66d489f1a9a2db8af1e428257dc0dedb9c97187b47efc347d28dc1bac6d73f5b15fe5030a2ac9bf3b45ed631b67ab97510217675d57f46461188558a5614201648ffcf33508c95337f54b3be00fc2942ca919a941e0309a1fb7920ff507ea64085b033e2d745fb14f69add738837783ed1751d7835d9b594aa60c971027b18cddc309f29713988b7efb60af375542fc1ff770d60af53681973454109d33a96fd40463c43e49da18995cefd0278cf8b04d384c9f6c0494f26f2341bc53bed21fbff0707523dbed4a6296aa63b5c502e97d95af1b4305511c3df022ae44e3ea6ead99e199d4a02788106c0dfa989a7be20db8c2fba961d31f102ba8de6f18475932e610c164fd060eecdd16dfbd0f7a8a6922432b04733b68cb4a5fb06e1c18143d005ad5256906a17ad4ea06f2a34f2ad6a73dff03a8ae41b58383088df9ed8691d08b04c6d4979ea9f352826a670e28bd8c890a9863ee34472f1c9f9f8f070fb0083851b6deb6fd390e2db0dd8f52ca53eebd046374f4fa3fb9bcff4b951ecdcf1aa95abb647447f077344c43a6275f2d0506e784a7a98a05029e8a3c6a831387df7907be3c6723a9416c1dd20d47d9824b907ee435883afe1e9a75c65da8974e1cd5f430b97ebc4f6fde307f25a09fac614bb8313e74e00062a91bf5f06fbde976cd4eb7e36c4b8268a140d409334947ce41865665345dcc4d7d3e02d77db",
       "DEV_AUTH_ROOT_STAGING_MLDSA44": "1f3e5edad45fc6980dbfd597ed17b77e4d4ad1b1ec4804e04dc061cc2cfe77bc96fbc93f698f1fe00c47177c8150276dab86cbf407add7527deb09b65a6623ef581422292d77744be64f4401ca65b9bd027e32a76f307413b086869eccbcfc5e8823be8e0b3897727bca568feeff62957cd1e261e4aab67271725d240c7e7d2a20a5c201699be83d6c6a57fdfc09ac9b6b599e2a14a50e421d246d1d1df805db0b25534e500fed76fa89975a4270e274a9fa72b528e47d999abdeca5e08e51d447ae4019f699088d485bb52d5eec7a8c725cd34ff955c16437877a131f068438b5699c2285000463e24c633b023cde279be015db2f8b16de07fa82ee9adcbf868b898e25eeef5d60d03e1da874aca6f2089b1e7c72d7b532d3a27e38936d53c0080f9908b6727b13fe961ec8b08004f077b9cce95b5eee9b44d351e79eb222aba1bc18895d36cf4843ffcdfc735e1b66f3e72db5aaf8b5ecf56dbf0d616cf53d192a60e61ad3c51a595213100fd00835434a28aab3eb5949d3405de5db1a586bd6e937444913e9f1d4c00247acd49a2ed9953636e5d74417b4c7144c6c22fd8f7e25cb6cf6c8510de6915b74c95a28c197152208096d0249b86150e807978ca985c110d07b7d0a24434039f6ef12a69d3e073af6ae44e7c4606a354a3e953bdcff10c8dc68b807f41ac563ff0d7141c328b34152a25a16e9cb8228f7707356d2d7f3caa8d778a85e3b66242c124281c0f3201ad28596b868db138149eb98b821dcaaf86b5e11c2ac1161975bf0b2ecefc111b7b7401ce261911526618044d126eeee885efe51be0e32e93aaaffe34899df5b10df7c5a9c54c5b4704671640a92e8631f0d401f44c2238b5f9a37499b3d83c1c60096f2b48c3081dd9769db325c1cd1ffe84bfd8a80dde3cd650c49e14af3ab6c317ee74bd39e976ff5b7ad490e80f3eff9edf3b3855070a5a06fbe9cbca54f521e3d74cf13a4d116e23e531a7c70232c044b7e7d02467afe2a40def14298688eced5d3d87a102d31d7cd5409918ced4bab190505df48f451deea1c29168246d621529f0346eaab0e2302f3ce206dd84837704b8bdedbadea5b5822cdecbfdb180cde14e62ee26a929f0a37a99bacfe237376a3e6c289b06b8e93ed9d1435e3ee6399ab1a06d4f70097f80e26fe6f60b27a68104f6333b8db1bc78e12d54647b23feb0f11ae070f3a6be9d9f4d89a6b5ef8595d010d410e72138cfcbd5e41cca1df33ddad657b699cf4d3dc602888e5aaa0a7a2325ba4a36d7de49c591d8e355fd1de644d772bf2a060093743388dbe5d30a2d97304abc17c547bd65276291d6aa7b0723703733239fabef39c2de47071d50074e68fbe71c88f75d4510bb5f6bc244b3e7b219eb89fe5f148459a2d693cd3fac32aa069cbdd4e27c9778096f6805bf6df9aec9671f0a58b28704f74775e81ac46826c1c4709b0e0989d6e8e73bd1795ce85d85c14ad2997cd2810272a5682e7ed9aa7a092708c0f4bc67f68d317d406a96ddd2842ea22cbf3410cd7a77005b61115b794894cf9d10ebb4f5552bec8c21d90ba97d6139d5261d7f51f4009c3618f9feb22cc929ade204eca7c0f813409ceb88a13512f85e03948314ba9c4488aafda88ce447a0e052a6a605e32d04a20e2e52c41f371247963f24fc28c5cc1ddd8fe1681a2a293daf2688e9b026303a76cc60f40290c4d823efb85f36cb5e092369cc20515a8077e7702ed54ca1565d37b83184ee46c4a6adf2840f5a5fb002db70690bbf93888e685fdd1f9ea211b42693e0bd5ba5235a6ea1b714774d13279d7db3440f7fbced53f203ce6500555bcb9251e6f36d3352326501c"
     }
   }
diff --git a/core/embed/projects/prodtest/cmd/hsm_keys.h b/core/embed/projects/prodtest/cmd/hsm_keys.h
index 1bdb8346cd3..ffd6105002c 100644
--- a/core/embed/projects/prodtest/cmd/hsm_keys.h
+++ b/core/embed/projects/prodtest/cmd/hsm_keys.h
@@ -368,6 +368,119 @@
    0x84, 0xdc, 0xb7, 0xb0, 0xcb, 0x0f, 0x0c, 0x21, 0x95, 0xc2, 0xca, \
    0x14, 0xa0, 0xf6, 0xfc, 0xcd, 0x91, 0x04, 0xe3, 0x2a, 0x4b}
 
+#define DEV_AUTH_ROOT_DEBUG_MLDSA44                                           \
+  {                                                                           \
+      0x61, 0xf5, 0x5a, 0xab, 0x34, 0x28, 0x10, 0x75, 0xda, 0x54, 0x40, 0x80, \
+      0x9d, 0x05, 0x05, 0x70, 0x77, 0x76, 0x66, 0xb5, 0x25, 0x37, 0x15, 0xf2, \
+      0x6b, 0x1c, 0x0f, 0x09, 0x24, 0x10, 0x95, 0x3b, 0x2e, 0x6c, 0xa3, 0xde, \
+      0xba, 0x7e, 0xc5, 0x1f, 0x35, 0x20, 0x10, 0x19, 0xee, 0xae, 0xdd, 0x2e, \
+      0x12, 0x11, 0x77, 0xa9, 0xa3, 0xcb, 0x90, 0x31, 0x9d, 0x43, 0x1e, 0xf4, \
+      0x22, 0xea, 0x7b, 0x28, 0xdf, 0xcd, 0xbb, 0x09, 0x68, 0x6f, 0x71, 0x03, \
+      0xe5, 0xad, 0x66, 0x04, 0xc0, 0xe9, 0x88, 0xcd, 0x48, 0xe1, 0x99, 0x31, \
+      0x21, 0x06, 0xf8, 0x0d, 0x7c, 0xf3, 0xa6, 0x5a, 0x8b, 0xb4, 0x7c, 0xce, \
+      0x17, 0x14, 0x42, 0xeb, 0x98, 0xa9, 0xc3, 0x61, 0x18, 0x14, 0x18, 0xdb, \
+      0x7b, 0xa3, 0xd3, 0x15, 0xa4, 0xdd, 0x4b, 0x30, 0x5f, 0x8b, 0x5a, 0xe4, \
+      0xaf, 0x33, 0x82, 0x8a, 0xd5, 0x37, 0x70, 0x24, 0x6d, 0xac, 0xff, 0x8d, \
+      0x50, 0x61, 0xa3, 0xdf, 0x35, 0x69, 0xe7, 0x91, 0x12, 0x06, 0x3d, 0x05, \
+      0x4a, 0xbd, 0x9d, 0x2e, 0x67, 0x44, 0x3b, 0x71, 0x83, 0xe5, 0xb2, 0x07, \
+      0x8b, 0xe2, 0x3c, 0x6c, 0xd5, 0xa5, 0x3d, 0xb1, 0xa3, 0x18, 0x77, 0x81, \
+      0x76, 0xcd, 0x61, 0xe6, 0xe0, 0xd9, 0x0f, 0xd0, 0x6d, 0x60, 0x12, 0xd2, \
+      0x58, 0xc0, 0xb9, 0x68, 0x95, 0x6d, 0xdf, 0x39, 0xd1, 0x98, 0xe3, 0x73, \
+      0xb6, 0xb5, 0x88, 0xdd, 0x64, 0x70, 0xeb, 0x33, 0x42, 0x5f, 0x73, 0x4f, \
+      0x73, 0x9c, 0xa5, 0xb2, 0x71, 0x6d, 0xa2, 0xa2, 0x11, 0x6a, 0x90, 0xde, \
+      0xdf, 0xf1, 0x8d, 0x31, 0x10, 0x52, 0xee, 0x36, 0x69, 0x81, 0x66, 0x1b, \
+      0x67, 0x96, 0x82, 0x06, 0x9a, 0x63, 0x98, 0x24, 0xa1, 0xac, 0xf8, 0x0e, \
+      0xfc, 0xc9, 0x8a, 0xac, 0xe2, 0xb0, 0x34, 0x91, 0xe3, 0xbd, 0x4a, 0x97, \
+      0x3d, 0xdf, 0xbf, 0x36, 0x92, 0x1c, 0xc3, 0xe6, 0x5e, 0x5f, 0xec, 0xbe, \
+      0x92, 0x4f, 0xc3, 0x93, 0x65, 0x34, 0xa1, 0x45, 0xc7, 0xdb, 0xfa, 0xa0, \
+      0x78, 0x54, 0x63, 0x7e, 0x53, 0xa3, 0x28, 0xa3, 0x42, 0x69, 0x1b, 0xa2, \
+      0xfa, 0x60, 0x2b, 0xc8, 0x47, 0x59, 0x99, 0x2c, 0x21, 0x77, 0xf2, 0x99, \
+      0xe9, 0xcc, 0x2e, 0x9f, 0xed, 0x1b, 0x1f, 0xcd, 0x95, 0xa1, 0xfb, 0x20, \
+      0xb9, 0xb7, 0x08, 0x1f, 0x89, 0x49, 0x17, 0x7e, 0xde, 0x03, 0xb0, 0x38, \
+      0x90, 0xf6, 0xcf, 0x23, 0x4a, 0x0a, 0x89, 0x47, 0x75, 0x4e, 0x38, 0x11, \
+      0x46, 0x0e, 0x4c, 0x0d, 0x09, 0x6d, 0x57, 0xda, 0x3f, 0x43, 0x3d, 0x14, \
+      0xde, 0x41, 0xe6, 0x62, 0x70, 0x0f, 0x0b, 0x07, 0x94, 0x0c, 0xca, 0x64, \
+      0xa8, 0xb0, 0x83, 0xf7, 0x14, 0xbf, 0x5d, 0xa7, 0x41, 0x05, 0xfd, 0x53, \
+      0x6c, 0x37, 0x99, 0x25, 0xc7, 0xfa, 0x5d, 0x55, 0x9b, 0xb2, 0xd7, 0x7f, \
+      0xfd, 0xd2, 0xe4, 0x1c, 0xd7, 0xdb, 0x3a, 0x13, 0xcb, 0x68, 0xf8, 0x49, \
+      0xe2, 0x21, 0x4c, 0xe3, 0xf0, 0xc3, 0xdb, 0xec, 0x66, 0x05, 0x9b, 0x79, \
+      0x73, 0xdc, 0x87, 0x01, 0x20, 0x65, 0xf3, 0x4f, 0xa0, 0xb3, 0xa6, 0x66, \
+      0x27, 0x52, 0x6d, 0xa3, 0x19, 0xff, 0xe4, 0x57, 0x74, 0x33, 0xb6, 0xcb, \
+      0x95, 0xac, 0x93, 0x2d, 0x11, 0x9c, 0xb4, 0xb3, 0xd8, 0xdd, 0x71, 0x8e, \
+      0x96, 0x76, 0x3d, 0xbd, 0x0e, 0x99, 0x05, 0x2b, 0x8d, 0xa8, 0xd7, 0x4f, \
+      0x19, 0xb1, 0xa3, 0x55, 0xe9, 0xba, 0xbb, 0x6a, 0x1e, 0x56, 0x39, 0xda, \
+      0x18, 0x39, 0x6b, 0x0b, 0x21, 0x02, 0x3a, 0x6d, 0x29, 0xb3, 0x54, 0x68, \
+      0x18, 0x01, 0xc6, 0x2a, 0x20, 0x27, 0x24, 0x60, 0x33, 0x7c, 0xe3, 0xd5, \
+      0xeb, 0xcf, 0x2a, 0xb0, 0x7d, 0x24, 0x8e, 0xb6, 0xe7, 0xcb, 0x2c, 0xc3, \
+      0xe6, 0x4f, 0xdc, 0x5f, 0x7c, 0x41, 0x4e, 0x42, 0xfe, 0x37, 0x48, 0xdb, \
+      0xf9, 0xa2, 0xb8, 0xfd, 0xb0, 0x2e, 0x7c, 0x5a, 0xe6, 0xca, 0xc4, 0x16, \
+      0xfb, 0x90, 0x16, 0xf0, 0x39, 0x05, 0xe2, 0x4d, 0x59, 0xfe, 0x41, 0x79, \
+      0x37, 0x68, 0xf5, 0xaf, 0x74, 0x11, 0x65, 0x9d, 0x39, 0x3a, 0xbf, 0xce, \
+      0xd3, 0x57, 0x63, 0xc2, 0xe6, 0x9f, 0xe9, 0xc3, 0x11, 0x4a, 0xf3, 0xa4, \
+      0xd9, 0x0e, 0xd9, 0x53, 0xe8, 0x8e, 0xff, 0x7b, 0x06, 0x84, 0xfd, 0xca, \
+      0xdd, 0xce, 0xa2, 0x77, 0xda, 0xc6, 0x86, 0x29, 0xad, 0xf2, 0x79, 0x11, \
+      0xc2, 0x56, 0x57, 0x41, 0xee, 0xbd, 0x34, 0x13, 0xdc, 0xea, 0xb3, 0x90, \
+      0x9c, 0x04, 0xc3, 0x27, 0xe9, 0x91, 0xf6, 0x3d, 0xde, 0x23, 0x15, 0xe5, \
+      0x29, 0x7a, 0xf2, 0xe7, 0xe5, 0x98, 0xe2, 0x38, 0xef, 0x09, 0xca, 0x86, \
+      0xf6, 0xb7, 0x48, 0x75, 0x34, 0x12, 0x71, 0x8e, 0xf0, 0xf6, 0xf7, 0x70, \
+      0x65, 0x74, 0x77, 0x71, 0xb9, 0xe1, 0xf4, 0xe1, 0xf4, 0x6a, 0xce, 0xa3, \
+      0x6d, 0x29, 0x88, 0x65, 0xbd, 0xe8, 0xb7, 0xae, 0xce, 0x61, 0x37, 0x8d, \
+      0x6a, 0x79, 0x94, 0x24, 0x17, 0x20, 0x1b, 0xb3, 0xb6, 0xce, 0x3a, 0xe8, \
+      0x1b, 0xc8, 0x38, 0xa4, 0x0e, 0xbb, 0x87, 0x59, 0xfe, 0xdb, 0x7c, 0xfa, \
+      0x0f, 0x05, 0xac, 0xc6, 0x2e, 0x36, 0x5a, 0x2f, 0x74, 0x26, 0x29, 0x44, \
+      0xba, 0x8e, 0x09, 0x7b, 0xfa, 0x7b, 0xfd, 0x68, 0x80, 0x09, 0x23, 0x62, \
+      0x8f, 0x9b, 0xd0, 0x22, 0x93, 0xbd, 0xc4, 0x93, 0x5a, 0x39, 0x27, 0x87, \
+      0xfb, 0x89, 0x3d, 0x08, 0x13, 0x47, 0x29, 0x46, 0x1e, 0x74, 0xc6, 0x71, \
+      0x87, 0x52, 0xa6, 0x9b, 0x83, 0x78, 0x89, 0x11, 0xb9, 0x9e, 0x32, 0x7a, \
+      0xad, 0xb1, 0xff, 0x57, 0xfc, 0x6b, 0x50, 0x6c, 0xcd, 0x83, 0x23, 0x72, \
+      0xf9, 0x4b, 0xf0, 0xc7, 0xf0, 0x6a, 0xdd, 0x3c, 0xb3, 0x37, 0xd2, 0x32, \
+      0x49, 0x44, 0x13, 0xa8, 0x28, 0x74, 0x68, 0x7e, 0x94, 0x76, 0xda, 0x46, \
+      0x87, 0xc7, 0xff, 0x7a, 0x8c, 0x58, 0x7d, 0x33, 0xb6, 0x3a, 0x59, 0x5b, \
+      0xa8, 0xe4, 0x26, 0x55, 0x04, 0x6d, 0x8f, 0x88, 0x0e, 0x66, 0xd4, 0x89, \
+      0xf1, 0xa9, 0xa2, 0xdb, 0x8a, 0xf1, 0xe4, 0x28, 0x25, 0x7d, 0xc0, 0xde, \
+      0xdb, 0x9c, 0x97, 0x18, 0x7b, 0x47, 0xef, 0xc3, 0x47, 0xd2, 0x8d, 0xc1, \
+      0xba, 0xc6, 0xd7, 0x3f, 0x5b, 0x15, 0xfe, 0x50, 0x30, 0xa2, 0xac, 0x9b, \
+      0xf3, 0xb4, 0x5e, 0xd6, 0x31, 0xb6, 0x7a, 0xb9, 0x75, 0x10, 0x21, 0x76, \
+      0x75, 0xd5, 0x7f, 0x46, 0x46, 0x11, 0x88, 0x55, 0x8a, 0x56, 0x14, 0x20, \
+      0x16, 0x48, 0xff, 0xcf, 0x33, 0x50, 0x8c, 0x95, 0x33, 0x7f, 0x54, 0xb3, \
+      0xbe, 0x00, 0xfc, 0x29, 0x42, 0xca, 0x91, 0x9a, 0x94, 0x1e, 0x03, 0x09, \
+      0xa1, 0xfb, 0x79, 0x20, 0xff, 0x50, 0x7e, 0xa6, 0x40, 0x85, 0xb0, 0x33, \
+      0xe2, 0xd7, 0x45, 0xfb, 0x14, 0xf6, 0x9a, 0xdd, 0x73, 0x88, 0x37, 0x78, \
+      0x3e, 0xd1, 0x75, 0x1d, 0x78, 0x35, 0xd9, 0xb5, 0x94, 0xaa, 0x60, 0xc9, \
+      0x71, 0x02, 0x7b, 0x18, 0xcd, 0xdc, 0x30, 0x9f, 0x29, 0x71, 0x39, 0x88, \
+      0xb7, 0xef, 0xb6, 0x0a, 0xf3, 0x75, 0x54, 0x2f, 0xc1, 0xff, 0x77, 0x0d, \
+      0x60, 0xaf, 0x53, 0x68, 0x19, 0x73, 0x45, 0x41, 0x09, 0xd3, 0x3a, 0x96, \
+      0xfd, 0x40, 0x46, 0x3c, 0x43, 0xe4, 0x9d, 0xa1, 0x89, 0x95, 0xce, 0xfd, \
+      0x02, 0x78, 0xcf, 0x8b, 0x04, 0xd3, 0x84, 0xc9, 0xf6, 0xc0, 0x49, 0x4f, \
+      0x26, 0xf2, 0x34, 0x1b, 0xc5, 0x3b, 0xed, 0x21, 0xfb, 0xff, 0x07, 0x07, \
+      0x52, 0x3d, 0xbe, 0xd4, 0xa6, 0x29, 0x6a, 0xa6, 0x3b, 0x5c, 0x50, 0x2e, \
+      0x97, 0xd9, 0x5a, 0xf1, 0xb4, 0x30, 0x55, 0x11, 0xc3, 0xdf, 0x02, 0x2a, \
+      0xe4, 0x4e, 0x3e, 0xa6, 0xea, 0xd9, 0x9e, 0x19, 0x9d, 0x4a, 0x02, 0x78, \
+      0x81, 0x06, 0xc0, 0xdf, 0xa9, 0x89, 0xa7, 0xbe, 0x20, 0xdb, 0x8c, 0x2f, \
+      0xba, 0x96, 0x1d, 0x31, 0xf1, 0x02, 0xba, 0x8d, 0xe6, 0xf1, 0x84, 0x75, \
+      0x93, 0x2e, 0x61, 0x0c, 0x16, 0x4f, 0xd0, 0x60, 0xee, 0xcd, 0xd1, 0x6d, \
+      0xfb, 0xd0, 0xf7, 0xa8, 0xa6, 0x92, 0x24, 0x32, 0xb0, 0x47, 0x33, 0xb6, \
+      0x8c, 0xb4, 0xa5, 0xfb, 0x06, 0xe1, 0xc1, 0x81, 0x43, 0xd0, 0x05, 0xad, \
+      0x52, 0x56, 0x90, 0x6a, 0x17, 0xad, 0x4e, 0xa0, 0x6f, 0x2a, 0x34, 0xf2, \
+      0xad, 0x6a, 0x73, 0xdf, 0xf0, 0x3a, 0x8a, 0xe4, 0x1b, 0x58, 0x38, 0x30, \
+      0x88, 0xdf, 0x9e, 0xd8, 0x69, 0x1d, 0x08, 0xb0, 0x4c, 0x6d, 0x49, 0x79, \
+      0xea, 0x9f, 0x35, 0x28, 0x26, 0xa6, 0x70, 0xe2, 0x8b, 0xd8, 0xc8, 0x90, \
+      0xa9, 0x86, 0x3e, 0xe3, 0x44, 0x72, 0xf1, 0xc9, 0xf9, 0xf8, 0xf0, 0x70, \
+      0xfb, 0x00, 0x83, 0x85, 0x1b, 0x6d, 0xeb, 0x6f, 0xd3, 0x90, 0xe2, 0xdb, \
+      0x0d, 0xd8, 0xf5, 0x2c, 0xa5, 0x3e, 0xeb, 0xd0, 0x46, 0x37, 0x4f, 0x4f, \
+      0xa3, 0xfb, 0x9b, 0xcf, 0xf4, 0xb9, 0x51, 0xec, 0xdc, 0xf1, 0xaa, 0x95, \
+      0xab, 0xb6, 0x47, 0x44, 0x7f, 0x07, 0x73, 0x44, 0xc4, 0x3a, 0x62, 0x75, \
+      0xf2, 0xd0, 0x50, 0x6e, 0x78, 0x4a, 0x7a, 0x98, 0xa0, 0x50, 0x29, 0xe8, \
+      0xa3, 0xc6, 0xa8, 0x31, 0x38, 0x7d, 0xf7, 0x90, 0x7b, 0xe3, 0xc6, 0x72, \
+      0x3a, 0x94, 0x16, 0xc1, 0xdd, 0x20, 0xd4, 0x7d, 0x98, 0x24, 0xb9, 0x07, \
+      0xee, 0x43, 0x58, 0x83, 0xaf, 0xe1, 0xe9, 0xa7, 0x5c, 0x65, 0xda, 0x89, \
+      0x74, 0xe1, 0xcd, 0x5f, 0x43, 0x0b, 0x97, 0xeb, 0xc4, 0xf6, 0xfd, 0xe3, \
+      0x07, 0xf2, 0x5a, 0x09, 0xfa, 0xc6, 0x14, 0xbb, 0x83, 0x13, 0xe7, 0x4e, \
+      0x00, 0x06, 0x2a, 0x91, 0xbf, 0x5f, 0x06, 0xfb, 0xde, 0x97, 0x6c, 0xd4, \
+      0xeb, 0x7e, 0x36, 0xc4, 0xb8, 0x26, 0x8a, 0x14, 0x0d, 0x40, 0x93, 0x34, \
+      0x94, 0x7c, 0xe4, 0x18, 0x65, 0x66, 0x53, 0x45, 0xdc, 0xc4, 0xd7, 0xd3, \
+      0xe0, 0x2d, 0x77, 0xdb}
+
 #define DEV_AUTH_ROOT_STAGING_MLDSA44                                         \
   {                                                                           \
       0x1f, 0x3e, 0x5e, 0xda, 0xd4, 0x5f, 0xc6, 0x98, 0x0d, 0xbf, 0xd5, 0x97, \
diff --git a/python/src/trezorlib/_root_keys.py b/python/src/trezorlib/_root_keys.py
index 3d7ecb71944..b5f4b752b55 100644
--- a/python/src/trezorlib/_root_keys.py
+++ b/python/src/trezorlib/_root_keys.py
@@ -51,4 +51,6 @@
 
 T3W1_DEV_AUTH_ROOT_STAGING_ED25519_HEX = "cd318dc8405ae4f4144e3284dcb7b0cb0f0c2195c2ca14a0f6fccd9104e32a4b"
 
+T3W1_DEV_AUTH_ROOT_DEBUG_MLDSA44_HEX = "61f55aab34281075da5440809d050570777666b5253715f26b1c0f092410953b2e6ca3deba7ec51f35201019eeaedd2e121177a9a3cb90319d431ef422ea7b28dfcdbb09686f7103e5ad6604c0e988cd48e199312106f80d7cf3a65a8bb47cce171442eb98a9c361181418db7ba3d315a4dd4b305f8b5ae4af33828ad53770246dacff8d5061a3df3569e79112063d054abd9d2e67443b7183e5b2078be23c6cd5a53db1a318778176cd61e6e0d90fd06d6012d258c0b968956ddf39d198e373b6b588dd6470eb33425f734f739ca5b2716da2a2116a90dedff18d311052ee366981661b679682069a639824a1acf80efcc98aace2b03491e3bd4a973ddfbf36921cc3e65e5fecbe924fc3936534a145c7dbfaa07854637e53a328a342691ba2fa602bc84759992c2177f299e9cc2e9fed1b1fcd95a1fb20b9b7081f8949177ede03b03890f6cf234a0a8947754e3811460e4c0d096d57da3f433d14de41e662700f0b07940cca64a8b083f714bf5da74105fd536c379925c7fa5d559bb2d77ffdd2e41cd7db3a13cb68f849e2214ce3f0c3dbec66059b7973dc87012065f34fa0b3a66627526da319ffe4577433b6cb95ac932d119cb4b3d8dd718e96763dbd0e99052b8da8d74f19b1a355e9babb6a1e5639da18396b0b21023a6d29b354681801c62a20272460337ce3d5ebcf2ab07d248eb6e7cb2cc3e64fdc5f7c414e42fe3748dbf9a2b8fdb02e7c5ae6cac416fb9016f03905e24d59fe41793768f5af7411659d393abfced35763c2e69fe9c3114af3a4d90ed953e88eff7b0684fdcaddcea277dac68629adf27911c2565741eebd3413dceab3909c04c327e991f63dde2315e5297af2e7e598e238ef09ca86f6b748753412718ef0f6f77065747771b9e1f4e1f46acea36d298865bde8b7aece61378d6a79942417201bb3b6ce3ae81bc838a40ebb8759fedb7cfa0f05acc62e365a2f74262944ba8e097bfa7bfd68800923628f9bd02293bdc4935a392787fb893d08134729461e74c6718752a69b83788911b99e327aadb1ff57fc6b506ccd832372f94bf0c7f06add3cb337d232494413a82874687e9476da4687c7ff7a8c587d33b63a595ba8e42655046d8f880e66d489f1a9a2db8af1e428257dc0dedb9c97187b47efc347d28dc1bac6d73f5b15fe5030a2ac9bf3b45ed631b67ab97510217675d57f46461188558a5614201648ffcf33508c95337f54b3be00fc2942ca919a941e0309a1fb7920ff507ea64085b033e2d745fb14f69add738837783ed1751d7835d9b594aa60c971027b18cddc309f29713988b7efb60af375542fc1ff770d60af53681973454109d33a96fd40463c43e49da18995cefd0278cf8b04d384c9f6c0494f26f2341bc53bed21fbff0707523dbed4a6296aa63b5c502e97d95af1b4305511c3df022ae44e3ea6ead99e199d4a02788106c0dfa989a7be20db8c2fba961d31f102ba8de6f18475932e610c164fd060eecdd16dfbd0f7a8a6922432b04733b68cb4a5fb06e1c18143d005ad5256906a17ad4ea06f2a34f2ad6a73dff03a8ae41b58383088df9ed8691d08b04c6d4979ea9f352826a670e28bd8c890a9863ee34472f1c9f9f8f070fb0083851b6deb6fd390e2db0dd8f52ca53eebd046374f4fa3fb9bcff4b951ecdcf1aa95abb647447f077344c43a6275f2d0506e784a7a98a05029e8a3c6a831387df7907be3c6723a9416c1dd20d47d9824b907ee435883afe1e9a75c65da8974e1cd5f430b97ebc4f6fde307f25a09fac614bb8313e74e00062a91bf5f06fbde976cd4eb7e36c4b8268a140d409334947ce41865665345dcc4d7d3e02d77db"
+
 T3W1_DEV_AUTH_ROOT_STAGING_MLDSA44_HEX = "1f3e5edad45fc6980dbfd597ed17b77e4d4ad1b1ec4804e04dc061cc2cfe77bc96fbc93f698f1fe00c47177c8150276dab86cbf407add7527deb09b65a6623ef581422292d77744be64f4401ca65b9bd027e32a76f307413b086869eccbcfc5e8823be8e0b3897727bca568feeff62957cd1e261e4aab67271725d240c7e7d2a20a5c201699be83d6c6a57fdfc09ac9b6b599e2a14a50e421d246d1d1df805db0b25534e500fed76fa89975a4270e274a9fa72b528e47d999abdeca5e08e51d447ae4019f699088d485bb52d5eec7a8c725cd34ff955c16437877a131f068438b5699c2285000463e24c633b023cde279be015db2f8b16de07fa82ee9adcbf868b898e25eeef5d60d03e1da874aca6f2089b1e7c72d7b532d3a27e38936d53c0080f9908b6727b13fe961ec8b08004f077b9cce95b5eee9b44d351e79eb222aba1bc18895d36cf4843ffcdfc735e1b66f3e72db5aaf8b5ecf56dbf0d616cf53d192a60e61ad3c51a595213100fd00835434a28aab3eb5949d3405de5db1a586bd6e937444913e9f1d4c00247acd49a2ed9953636e5d74417b4c7144c6c22fd8f7e25cb6cf6c8510de6915b74c95a28c197152208096d0249b86150e807978ca985c110d07b7d0a24434039f6ef12a69d3e073af6ae44e7c4606a354a3e953bdcff10c8dc68b807f41ac563ff0d7141c328b34152a25a16e9cb8228f7707356d2d7f3caa8d778a85e3b66242c124281c0f3201ad28596b868db138149eb98b821dcaaf86b5e11c2ac1161975bf0b2ecefc111b7b7401ce261911526618044d126eeee885efe51be0e32e93aaaffe34899df5b10df7c5a9c54c5b4704671640a92e8631f0d401f44c2238b5f9a37499b3d83c1c60096f2b48c3081dd9769db325c1cd1ffe84bfd8a80dde3cd650c49e14af3ab6c317ee74bd39e976ff5b7ad490e80f3eff9edf3b3855070a5a06fbe9cbca54f521e3d74cf13a4d116e23e531a7c70232c044b7e7d02467afe2a40def14298688eced5d3d87a102d31d7cd5409918ced4bab190505df48f451deea1c29168246d621529f0346eaab0e2302f3ce206dd84837704b8bdedbadea5b5822cdecbfdb180cde14e62ee26a929f0a37a99bacfe237376a3e6c289b06b8e93ed9d1435e3ee6399ab1a06d4f70097f80e26fe6f60b27a68104f6333b8db1bc78e12d54647b23feb0f11ae070f3a6be9d9f4d89a6b5ef8595d010d410e72138cfcbd5e41cca1df33ddad657b699cf4d3dc602888e5aaa0a7a2325ba4a36d7de49c591d8e355fd1de644d772bf2a060093743388dbe5d30a2d97304abc17c547bd65276291d6aa7b0723703733239fabef39c2de47071d50074e68fbe71c88f75d4510bb5f6bc244b3e7b219eb89fe5f148459a2d693cd3fac32aa069cbdd4e27c9778096f6805bf6df9aec9671f0a58b28704f74775e81ac46826c1c4709b0e0989d6e8e73bd1795ce85d85c14ad2997cd2810272a5682e7ed9aa7a092708c0f4bc67f68d317d406a96ddd2842ea22cbf3410cd7a77005b61115b794894cf9d10ebb4f5552bec8c21d90ba97d6139d5261d7f51f4009c3618f9feb22cc929ade204eca7c0f813409ceb88a13512f85e03948314ba9c4488aafda88ce447a0e052a6a605e32d04a20e2e52c41f371247963f24fc28c5cc1ddd8fe1681a2a293daf2688e9b026303a76cc60f40290c4d823efb85f36cb5e092369cc20515a8077e7702ed54ca1565d37b83184ee46c4a6adf2840f5a5fb002db70690bbf93888e685fdd1f9ea211b42693e0bd5ba5235a6ea1b714774d13279d7db3440f7fbced53f203ce6500555bcb9251e6f36d3352326501c"

From 4add8be2b207c0401559be60b2dda0931b8eb13b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Tue, 12 May 2026 14:06:52 +0200
Subject: [PATCH 8/9] chore(core): add testing MCU attestation certificate

[no changelog]
---
 core/embed/sec/secret/unix/certs/T3W1.der | Bin 2 -> 4067 bytes
 core/embed/sec/secret/unix/certs/T3W1.h   | 343 +++++++++++++++++++++-
 2 files changed, 340 insertions(+), 3 deletions(-)

diff --git a/core/embed/sec/secret/unix/certs/T3W1.der b/core/embed/sec/secret/unix/certs/T3W1.der
index def7fcb589b94b3707b9d3cb4d4825487a7fa402..901ec8a73d0983f02291b86976f03429042a5cdf 100644
GIT binary patch
literal 4067
zcmZ9MS2P>|l!grkkzw>2y%Wr+(R+#BYm`w#bfZNXZA1joM)aCQ4WdRTB1R_&M)VrJ
z6C><qcOQ25KHdL*=lti~mk$yRUWP;ym=@vT0&sDO-0`%p{n3yV$U}k$_Hmj3XFPm7
za)=4^A>;u8o+&;7C9aAUlo|5qUmylioA^1u^!8&_@%HqAd4;h03;79o3qiRc9RD~T
z=+XahU6@yZ3(OH7;OFM$%4+284QEwRg0Rw(h)6)hp(0RmF)6616&+XvBL2S*5OpXc
zg#N#)C`?4np{)PYXAE<3W|f4}La6^iASEeOL{v;%Lh^|e<lhD*g@FD6AxfaJiLR&!
zBpN94e;&e%2D0HKy?_7yb_M5KmD8i<M>qtu?*NT+Os%=5zF$Kf8ivI=FkXBNjdceB
z8FYsf8fsO|(|@L;^LP<o7cv&3%!^FZyugHR1VkfK=e)zo8Glc8=1(j1WhKlt88vT!
zWpT~HX~YX=$zVj73#`O)=U@;|Iax?`&TJDIM~$U*rZ6e)@vJRzv|ma!V?ryfDF|HY
zi&^~D!Z<axUuR?JRr}w{wufk=T9=ghQcs9~Ntv2@k5sT2kZnCuLGP{8e~K4qzx{Ea
z`TR^3lN-KhC1vZs`=oMsJOSK1JxI}IUoIYrrNbSO(<TjP9Uu)<cIZFNWuBlWL@3hM
zFOr5N|1zXi7yL-GCXNCs%qJ^BsK2Rv0CgyQxRZTJ8S=_h`heBcpDfbga~&xAo@%H~
z#+rJWD*mR`x#jJZ8A8fnGYC<WL<H$3Ue$C%Di~j_#<HLL05*dfn}76gGgVI2-k!p)
zul{)Qs|$$gG6NLfB*twu*}(eeMSpl$$XSf`^3xU0z_~kR2H(D93+JLqcfs$E`@xj0
z(gFo|S-n6vObmdI#h3^V;-ARAe=a{WUu&CDi-aSqIdZ<+<Fey%s1%oG9RKi!H%^ol
z#@mY0r=v~bvDV2u5k$e-f19V84EJQjKEEE%A{M0g$;M1gW7lRi1+I6lS9)$}RAQrb
z!WeAS;`@|*2z+;^vW5O~--}*)D6I``3_dh%+LE5)rs%t?CBAsfz{=$mD6`^Z(w+N?
zDqN!+QxhknduzHEpl0Qn6$Iz_Zd4^nKlfM&;P8C0g`_fR=>W}_w<dDiIdg;sfs0w~
zoJ1uTU%CRUB5XUJ@JAe&QKbbxe(RoiwacK23gKlbikK|&AGEZiT?I~t-kNP<-{b&x
zhouz2z5)%q+kbeD$4&ji_rlZMQkxKl);Ydq7R<DxxzB=UwK#t8Zc5~!v^xCA2QhIh
z>vNarqpZy4hwAIN>bcR>@(0K6<Mz>JB%Nv^o5h#PH~N7edKGezO-9u80tfELl=l}4
zZ&Q7L_ilryQoC7ogT3QwyhL705i0w%)Mu77ur2!awd28{<JyqT^Oh+f#s0-G!K0vY
zLIj0u=dV+d_#3UE?b-vdwgkW^`Jlenzy_O3ANVtVZ{#cphaa8AqhH%E6go#YA!tbx
z-xvs2sq3ZDO3GANXRIFcS)K3lGc1WxqgO9Z>tb)p=Dpc@wJT(Wd!nrV+4OC0=VYjp
z(ThK{P;gJ>NN5K*Hm2csmD|2DoQGLHoTm#BxglX%A?v-*QxSo6>%1v_*^frcE3-xl
zVe`IN=e%ZXPbJ<DD2O`?-fHi8`Ni)#YWAw(MGIf>r;>IJ4#tNRN_to}X8TUifrIR}
z7mnJvt;8jL5Z*4z)rsP1L9Fbpj2wD~^gKPOua2zau5ra~oWVcsPK@ok@2_>6BkP;U
zSWHnm1AN327WT!lZAp#WW^0QfWwZSkf3nEaFYEBbS9;Apz`RgKc1NsD0D=Ptc_C6{
zxI)JdS{K#er`^i_hG98*I^37|gk5)ZIsFEv@U!0kOm)pi?irEy2J~AE+489@Bn7Lq
zr73)FxPeL_-$uMePj<yv*6JcVOI{xp1yI!g4a)^u3ixF$kiSm<G2st9PvixAq|M?K
zxH1ZTtkxTvcIf<0vv&f0Y_Td%(&`ICB-``u-@b`aqO)DCWp?GOIQ-hj$y;Uh=ArRU
z#azA4;ixE0(%kvrGqZ&4z-%Wj+|<odC5Qrq^glhy1O@=^@$vC+aU%cAt4x&tGA;xM
z!t#%D;L|~9BB`L(4JG&*vB2OFFe<pnY!PCq&HMkP`yc>^W#W(9<GFdX3RT&&@;>=Z
z44Ss%BQ_t?1TiccV5_ZE57`R?=yWr@IGE^PHKEyGNR+jBi;xUUqwrTEw-uj9^)rSM
zKZ!GjUwA6mF%$W78@MY{9(jH~k(!%p2s4&JC6)dW=EHfXMN)bFr8S;Y<FkjKX{#Es
zQ&4nk@(z1#<$Kpy5Rwokc52Be0t!wmta@GJ!Wt=YBU9$r3uSf|z;pZ1ML-`Wx%XR}
z1xLG9XUl!$x|a@3s6^Egs!*^u$?-0R?enh2=!75jo(a{LbsxrhViOz`lQ@B?Ao1C%
zM}l{1K9dbaZ+&KgDBIWT8mrxXRUl5|(OnEcNvjyWg<95~Y_FwT=S;+lzan<}q}daK
zXBywCYdjeKV)$G5^m*Z-z>8R~(r->Vd2-b?BMdOF+r#{@##bd?9jpy1gQeKXx#T~d
zzoq8gukz)k!N83n@RhP4I;Y7>eT=GWeoXwJKjqD;PO%<)+%tqm<}B?bd4`rfous)h
z|Mo?xmknp#$05fM{>!3z4}8~UyQj<jb2LMH8KcX-Dli9MztM@n+_?nz;34^VEJLP6
zNINgIeq*%|8nir~!1cFBIg08&rg0sY%VJ$Ghw`kVC|yj;xFGyxQ0vI^dFj@@KZWo(
zkVGGWW}0&Cv$wOhZK_z!MOe|N$-?}pX*40+$c~uw>K(4o!Q{1qyI)nFVOfCTb8&Ae
zP;YSm$V2Lm{$Vrhh-!paD7aqMs;FH;1f?22uJPr(&5vJO6r&oex2lm5Y6J&7fT%CN
z9BNvi@0VU+I+YjV5-6G>sl`6%*=9RQW*v!R)leLI%e(Uk`SEX9)9OMc#qm7v@71lS
zcf1~ttUjc)-a&iiTQV)WuOP7AtfNfk0s&;2Tmhl>9)-D+Pe_Qo-q?VmfK*oWom}0+
zXcGZi`<n`u%=HPdT2`b@(S6k8Ps<cQi=2Qe!Sb>0@99=#7gAJQFEepahkgckg{VSW
z(d6(slbPcbCUZkG5&Y6&HoZE+IveM-KhiNQ5P+IqTWJ;f@2kGAEB=_{s)Gro^{^+<
z4*3#^H)}>Z2aX2ebts9<D$=1G9mnTzx%hJ7gYo&2>+x-xcUXP2OUdyN?9F!0^+$Eq
z0Gg$`+M-&z-o%61DfZK``Av^720OJA5$RW`u9%`PWu)3Y*ZVfY8Hr067Odv#lWYJj
zuGwf5etIu@RJLbj%kF!legJNZeT{Wy@he9YUjIMW6#OS-6R?iG3JN({Er<-j8n-xk
z#W~Z*Ic=6(_G6aO@3{KBy=T7?g75rd%+I(5Moh_(W~GoPeRgpDsSNU;4&?#bJ7h+p
zDZ5%JL@NB<RrPe}0mBAvjQu6;;>L3OiGq99ZyBK#pRMkxT_hTnl<W%;DczTs;+;d1
z2k*)7F)2%6PP*{$J9d<R&LRu!>-1c|wtb(}SGQ|REH_37T)I#?BNdDgswU}@LAw_6
zYtlkUKC*WwdJlFy%|EH=c%A#+WsusJX$@&}+P4czj&L8VA1Q~mT^`#M9^sERH-4)Y
zn<1as(d*W-U3=e`|1G!5rpDWKDm}Mv!4gEmcE)SD<+s{$S0zSNx^=s6oB&4IfC`VC
z7-sYEC3bPY@9q*0Wmy|jB$CNG6yK+23=MSQKLgnVH0aSu>F=M7RX$msU3KKgS@Q~<
z{``~GGx>JGe|xklk|Zj|<?2RrY^qwaQ39|IavZF`U``35w=K$V*<aLI0+S0Tk*V!p
zWGjXX<{QTa^SQ47NOsVNj^*LCuL?WKG!8#2EGH$ccF|w_oYttyLxdkC#)J-Z6=>CJ
zmK<}Y3FRMAaR!z#sQuUh%9(L7JR(%fTy?VLLBL!|3T{w5iDhNXY#;I*Ml9h-I-s#V
z`_|nSnEZKvL<LcyG>d?@sFemI)8dB(1)tuCZkP#XP}7?f%peu|&_kGag#<J!|Dy0L
z*A+NBlo1uy^e(CvL_P4~MfuJ8J2gx>xp1P)<=RSRzQ(CLV(RQParP`i^nzQ<D|GU1
zI&N);rb^KLtK*xdHE*kF+ryA*`!Y4e=|)+XC%ThMJooSx@vDQbe&SB&R@MHCU5H1+
z`3|E@A0F0eNX*>D?8&8^eZF(FQ<iB`clRX0R~a0j8P5&PYkarn&ZKDrMVXn=VNN=T
ztkoMLvUobY+<UY3q+CN^nF*iRbUM!M>21J=4gA%R?zg~2^-oj>JokhjyGXB35K=sr
z6I8ZcMK-#a(IeRCEnOR8aDRScA7}g5V90IHgDhsg7YCpp-Ytx9aq^v(^sfxwY`ut@
z+mH>VPjY|X|6N!T<%?vRWrUXM9N*f$@2gQaQ=)AoT!y>OED+&rl`~XdykKw+DtLO)
zf-Lzp!^^+^)I3798jKviu1Nq`r6i4=AZk~C$)(GZmCV<)z|A%ih92-QwRZ6>)~wJT
z+3K<fPfgBxbJEqz%v6*K9w?w93JS`&-(VDHFY%i_C1EVD?tjFMo*R4;-au)9{1lDm
z6tW*2h3{|<#I%Vxc~G$#`Nojubb4klW=^0E6y4lDroOI^fieZAcJ&UH?WL=VU?$Gq
z7h~C426=*Pu5qqbbmWsH&<nyfcj}g-v#p5Y-l6?VFBSfr@#Ma{2dd?~`N#T#s)+9j
zp_{qW6@Nq7jeW%U%2M%v(rJRHWP{ySgdz2t&Mz@-D)y<ks`O>Fi==uf^lVL;icdT8
z_B|2=4f_Kv<{8Ef0-)DF`!=Gvgib?IThZ}zqn<R^q@1|=o(~=L$WE6An=8z_a-~I>
zW~@fWGpg&zUvGV__e>1wxpWP{_F_|HR<~o|8KHH+X<vPt3zd17lvME+U<!l&K<I)7
zmw8lvsWbV0=~7K|k-o#8=uHQHDCZ`mjk0>dbKqMR^D#-F>f%x%AoKe+!Q$&b+e+V3
z5c(jNI&dc1AaDaSjU*Wrbw7KUwPtD&C`^(a`)Sx(|2(L)Nm5#?tkWmP+L+RSI{N33
zEx(sztcyW=s+BfXmu%&LYE<KZB&{dzMvwEOKArV);oTMzNy_U8RNvv3AWpDU-8r&X
zRq$GO*3EI>MyVBv==O1r6pI_3Wry=9HR&5Jb{&#Z(Q)t#NJy#$Mr0M2Hnt4R?UOU9
znc4dxQc=})pBpCU*T|XpC1fMg@_JWJuO6|nKNeQCuyuMFotoP^Hih&5hmu2B;XeQk
Cd!s=B

literal 2
JcmXqD0001D05Jdn

diff --git a/core/embed/sec/secret/unix/certs/T3W1.h b/core/embed/sec/secret/unix/certs/T3W1.h
index 1987cde36b9..886551347d4 100644
--- a/core/embed/sec/secret/unix/certs/T3W1.h
+++ b/core/embed/sec/secret/unix/certs/T3W1.h
@@ -3,7 +3,344 @@
 // in the root directory.
 
 static unsigned char mcu_device_cert[] = {
-    0x30,
-    0x00,
+    0x30, 0x82, 0x0f, 0xdf, 0x30, 0x82, 0x06, 0x55, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x08, 0x6a, 0x03, 0x4b, 0xf8, 0x73, 0xc8, 0x30, 0x90, 0x30,
+    0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11,
+    0x30, 0x54, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+    0x02, 0x43, 0x5a, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
+    0x0c, 0x15, 0x54, 0x72, 0x65, 0x7a, 0x6f, 0x72, 0x20, 0x43, 0x6f, 0x6d,
+    0x70, 0x61, 0x6e, 0x79, 0x20, 0x73, 0x2e, 0x72, 0x2e, 0x6f, 0x2e, 0x31,
+    0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x1c, 0x54, 0x72,
+    0x65, 0x7a, 0x6f, 0x72, 0x20, 0x4d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63,
+    0x74, 0x75, 0x72, 0x69, 0x6e, 0x67, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20,
+    0x43, 0x41, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x35, 0x31, 0x32,
+    0x31, 0x35, 0x34, 0x39, 0x31, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x35,
+    0x36, 0x30, 0x35, 0x31, 0x32, 0x31, 0x35, 0x34, 0x39, 0x31, 0x33, 0x5a,
+    0x30, 0x46, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
+    0x12, 0x54, 0x33, 0x57, 0x31, 0x20, 0x54, 0x72, 0x65, 0x7a, 0x6f, 0x72,
+    0x20, 0x53, 0x61, 0x66, 0x65, 0x20, 0x37, 0x31, 0x17, 0x30, 0x15, 0x06,
+    0x03, 0x55, 0x04, 0x05, 0x13, 0x0e, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
+    0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x31, 0x0e, 0x30, 0x0c,
+    0x06, 0x03, 0x55, 0x04, 0x2e, 0x13, 0x05, 0x53, 0x54, 0x4d, 0x33, 0x32,
+    0x30, 0x82, 0x05, 0x32, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+    0x65, 0x03, 0x04, 0x03, 0x11, 0x03, 0x82, 0x05, 0x21, 0x00, 0x8d, 0xa4,
+    0xa4, 0xa4, 0xfc, 0xe0, 0x00, 0xc4, 0xab, 0x64, 0x1c, 0xb6, 0x1c, 0x00,
+    0x06, 0x17, 0x97, 0x01, 0xb4, 0xd8, 0x1d, 0xb9, 0x9b, 0x55, 0x71, 0xc2,
+    0x7b, 0x62, 0xb3, 0xcb, 0x35, 0x23, 0xda, 0x6e, 0x29, 0x1a, 0xb4, 0xb0,
+    0xed, 0x75, 0x94, 0x18, 0xee, 0x12, 0x47, 0x45, 0xab, 0xb6, 0xd4, 0xf9,
+    0xd4, 0x82, 0x9c, 0x28, 0x7f, 0xc2, 0xdb, 0x94, 0xdd, 0x81, 0x57, 0xa0,
+    0x55, 0x92, 0x6e, 0x0f, 0x07, 0x69, 0x06, 0x08, 0xcc, 0xd3, 0xf4, 0x28,
+    0xcb, 0x8e, 0x94, 0xfd, 0xf2, 0x4c, 0xd9, 0xf2, 0xa9, 0x4f, 0x3c, 0x36,
+    0x57, 0x48, 0x1b, 0x48, 0xfa, 0x05, 0xa7, 0x86, 0xb6, 0x78, 0x92, 0x0a,
+    0xdb, 0x56, 0x8e, 0x0f, 0x7f, 0x7c, 0x66, 0x61, 0xa2, 0x59, 0xe8, 0xed,
+    0xc9, 0x03, 0x42, 0x8e, 0x2e, 0x44, 0xd8, 0x56, 0xe5, 0x85, 0x86, 0x15,
+    0xfb, 0x17, 0x65, 0x12, 0x54, 0xa1, 0xc0, 0x6d, 0xaf, 0xa2, 0x63, 0x60,
+    0xde, 0x91, 0x56, 0x1d, 0xc8, 0x41, 0xe2, 0x3f, 0x2b, 0xf7, 0x4f, 0x34,
+    0x58, 0xfd, 0x4a, 0xda, 0x64, 0xb5, 0xbb, 0xf8, 0x99, 0xda, 0x19, 0x44,
+    0xc5, 0x8f, 0x3c, 0xbb, 0x79, 0x4b, 0x95, 0xb9, 0xde, 0x42, 0x29, 0x91,
+    0xf1, 0x0a, 0xdc, 0x39, 0x55, 0x55, 0x6f, 0xcc, 0xa9, 0x1f, 0x50, 0x10,
+    0xe6, 0x1c, 0x43, 0xc8, 0xeb, 0xe3, 0x19, 0xad, 0x88, 0x2b, 0xbb, 0xfc,
+    0xd2, 0xff, 0x96, 0x68, 0xf3, 0x44, 0xda, 0x9b, 0x7d, 0xdd, 0x5a, 0x39,
+    0x5e, 0x73, 0xea, 0x38, 0xaa, 0xcb, 0xcf, 0x8a, 0x0f, 0xb6, 0xd4, 0xc9,
+    0x12, 0xbe, 0x60, 0xa8, 0x35, 0x80, 0xfb, 0x18, 0x02, 0xcc, 0x3d, 0x4b,
+    0x0e, 0x7d, 0x20, 0xc7, 0x0e, 0x76, 0x42, 0x62, 0xc5, 0xf2, 0x9b, 0x1e,
+    0xd0, 0x15, 0x07, 0x7f, 0x40, 0x17, 0xb2, 0xdd, 0x0e, 0x79, 0x8e, 0xdc,
+    0x51, 0x17, 0x46, 0x2d, 0xa6, 0x16, 0xe2, 0x35, 0x95, 0x05, 0x3f, 0xd9,
+    0x8e, 0x41, 0x30, 0x15, 0xc4, 0x43, 0xa5, 0x0c, 0xbc, 0x3f, 0xa5, 0xfe,
+    0x3c, 0x7a, 0x13, 0x79, 0x87, 0x55, 0x3a, 0xed, 0x20, 0x55, 0x73, 0x10,
+    0x80, 0x50, 0xb1, 0xb0, 0x0c, 0x99, 0xff, 0x14, 0xca, 0xba, 0x3b, 0x5b,
+    0x15, 0xdf, 0x14, 0x88, 0xfa, 0xb9, 0x65, 0xb7, 0x8f, 0xf7, 0x56, 0x7f,
+    0x39, 0x50, 0xe5, 0x77, 0x7f, 0xae, 0x8d, 0x08, 0x30, 0xbf, 0x0a, 0xe1,
+    0x48, 0x69, 0x85, 0x3f, 0x53, 0xf7, 0xe1, 0x84, 0x22, 0xf4, 0x70, 0x01,
+    0xe5, 0x77, 0xb4, 0xb6, 0xd2, 0xc5, 0xe7, 0x1d, 0xaa, 0xd3, 0xaf, 0xfc,
+    0xf2, 0x61, 0xf8, 0xf7, 0xf9, 0x6d, 0x2a, 0x46, 0x2b, 0x33, 0x4d, 0x1e,
+    0x01, 0x40, 0x8b, 0x8c, 0x86, 0xe6, 0xb5, 0x5d, 0x61, 0xc5, 0xd9, 0x33,
+    0xd2, 0x6c, 0x58, 0x3d, 0x58, 0xcd, 0xc1, 0x2a, 0x18, 0x9f, 0xd5, 0x74,
+    0x26, 0xbd, 0x3b, 0xc9, 0x8f, 0x7a, 0x21, 0x7d, 0x25, 0x16, 0x93, 0x66,
+    0x04, 0xc5, 0x86, 0xd2, 0x1d, 0x99, 0x43, 0xb7, 0x31, 0x01, 0x6e, 0x5a,
+    0x6b, 0xc8, 0xb3, 0xd0, 0xc7, 0x0c, 0xf0, 0x34, 0x1d, 0x06, 0xed, 0x88,
+    0x38, 0x3c, 0xa4, 0x68, 0x3e, 0xd5, 0xd9, 0xaf, 0x5e, 0x94, 0xaf, 0x85,
+    0x74, 0x85, 0xac, 0x23, 0x9a, 0xc6, 0x60, 0x02, 0x22, 0x03, 0x23, 0x43,
+    0xa1, 0xa3, 0x94, 0xf0, 0xd2, 0x6f, 0x74, 0xb4, 0xd0, 0xa7, 0x9f, 0x88,
+    0x5e, 0x33, 0x19, 0x93, 0xc8, 0x55, 0x74, 0x84, 0x5b, 0x8e, 0xe8, 0x7e,
+    0x08, 0x78, 0x4b, 0xfd, 0xb6, 0xd3, 0xb5, 0x51, 0xeb, 0x3b, 0x34, 0xb1,
+    0x89, 0xcf, 0x98, 0x0a, 0x2d, 0x19, 0x70, 0x99, 0xda, 0xd3, 0xd4, 0xfb,
+    0xe2, 0xd7, 0x48, 0x2b, 0xf8, 0xe8, 0xf8, 0xe0, 0xc0, 0xfa, 0x16, 0x43,
+    0x84, 0x82, 0x4c, 0x7c, 0x1a, 0x5d, 0x45, 0x88, 0xc3, 0x41, 0x70, 0x06,
+    0x71, 0xea, 0xd3, 0x99, 0x2e, 0xfd, 0x26, 0xff, 0x33, 0xf6, 0x6c, 0x41,
+    0xe2, 0xca, 0xe4, 0xc9, 0x0b, 0x55, 0xb5, 0xe6, 0x3a, 0xd3, 0x26, 0x12,
+    0xc3, 0xfe, 0xaf, 0x0a, 0xf5, 0x2c, 0x1a, 0x20, 0x25, 0x64, 0x76, 0x3b,
+    0xe0, 0x64, 0x54, 0xbf, 0x9b, 0x87, 0x14, 0x7d, 0x47, 0xa8, 0xda, 0xae,
+    0x86, 0x3b, 0x4d, 0xfc, 0x55, 0xeb, 0x75, 0x45, 0x5a, 0x6d, 0x98, 0x77,
+    0x74, 0x23, 0xc6, 0x52, 0xab, 0x37, 0x19, 0xd8, 0x2c, 0x2e, 0x01, 0x62,
+    0x68, 0xdd, 0xb7, 0x0d, 0xaa, 0x8d, 0xde, 0xed, 0xc8, 0x29, 0x9c, 0xe2,
+    0x32, 0xfc, 0xbd, 0xd5, 0xef, 0xfb, 0x0c, 0x0f, 0xa1, 0x20, 0x5f, 0x64,
+    0x33, 0x37, 0xdd, 0x7a, 0x67, 0x01, 0x5a, 0x7e, 0x5e, 0xbc, 0x38, 0x2a,
+    0x7e, 0xed, 0x56, 0x14, 0x92, 0x78, 0x2c, 0x8f, 0x6a, 0x8c, 0xf7, 0xea,
+    0x1a, 0x44, 0x95, 0x79, 0x28, 0x1f, 0xa0, 0x7e, 0xd1, 0xa0, 0x73, 0xc9,
+    0x59, 0x5f, 0x17, 0xe1, 0x05, 0xd1, 0x7b, 0xfc, 0x56, 0xe5, 0xfb, 0x8b,
+    0x9a, 0x01, 0xea, 0xcb, 0x39, 0x3f, 0x0f, 0x71, 0x2b, 0xb3, 0xea, 0xe7,
+    0xf9, 0x27, 0xf0, 0xcf, 0x55, 0x73, 0x7d, 0xeb, 0x7d, 0x92, 0x69, 0x91,
+    0xb5, 0x7f, 0x51, 0x5b, 0x9a, 0x71, 0xa7, 0x58, 0x1e, 0x17, 0xcd, 0x9b,
+    0x5c, 0x78, 0xd7, 0x4a, 0x23, 0xd2, 0x28, 0xe5, 0x36, 0x9a, 0x95, 0x4a,
+    0xbc, 0x72, 0x11, 0xc9, 0xda, 0x86, 0x1f, 0xe3, 0xd8, 0xf6, 0xc8, 0xef,
+    0x98, 0x96, 0xb6, 0x0b, 0x46, 0xe3, 0x02, 0x46, 0x9b, 0x82, 0x15, 0x3e,
+    0xed, 0xf0, 0x6a, 0xcf, 0x60, 0x82, 0x56, 0x0d, 0xbd, 0x45, 0x32, 0xe5,
+    0xa1, 0xf6, 0x42, 0xfa, 0x4f, 0x76, 0xa5, 0xc1, 0x3f, 0x9a, 0x85, 0xb5,
+    0x52, 0x15, 0x19, 0x2b, 0xed, 0x6a, 0xf0, 0x13, 0xff, 0xf5, 0xdb, 0x8f,
+    0x91, 0x71, 0xe9, 0xc1, 0xe7, 0x0f, 0xd3, 0x91, 0xbf, 0x20, 0x4d, 0x78,
+    0x6f, 0x86, 0xae, 0x6e, 0x32, 0x89, 0x39, 0x07, 0x42, 0x70, 0xb7, 0xb2,
+    0x96, 0xa2, 0xb3, 0x21, 0xdd, 0x72, 0xc3, 0xbb, 0x03, 0x61, 0x31, 0xcf,
+    0x4b, 0x30, 0xe5, 0xf4, 0xb7, 0xd3, 0x05, 0x12, 0xec, 0xf5, 0xcb, 0x06,
+    0x1c, 0x77, 0xcf, 0x07, 0x7f, 0x12, 0x3c, 0xbd, 0xdc, 0xf2, 0x32, 0x88,
+    0xfa, 0x4a, 0xca, 0xe7, 0xaf, 0xed, 0x0f, 0x4b, 0x36, 0x01, 0x52, 0x8e,
+    0xed, 0xb2, 0xc1, 0x50, 0x5d, 0xfb, 0x9b, 0x19, 0x76, 0xd6, 0x88, 0xeb,
+    0xcc, 0xf3, 0x77, 0x00, 0x2a, 0xc8, 0x98, 0x27, 0x4f, 0xaf, 0xc5, 0x2e,
+    0x7b, 0xd8, 0x18, 0xd0, 0x2d, 0x59, 0x16, 0x88, 0xb4, 0x76, 0x74, 0x43,
+    0xb0, 0xc1, 0x16, 0x4a, 0x8d, 0x96, 0x3f, 0xe3, 0x1b, 0xac, 0xce, 0x70,
+    0xe1, 0xd9, 0xbe, 0x72, 0x51, 0xa2, 0x81, 0x45, 0x19, 0x46, 0xa1, 0x92,
+    0xbe, 0x22, 0xb5, 0x99, 0x28, 0xfa, 0xe8, 0x87, 0xea, 0x2e, 0x5a, 0x02,
+    0xf1, 0x42, 0x46, 0xb1, 0x55, 0x8f, 0x9b, 0xbd, 0xd1, 0x7b, 0x64, 0x52,
+    0x6b, 0xf9, 0x17, 0x31, 0x0f, 0xc0, 0xaa, 0xcc, 0x7b, 0xbc, 0x0f, 0x84,
+    0x83, 0xb3, 0xe9, 0xab, 0x69, 0xec, 0x42, 0x74, 0x27, 0x1e, 0x3e, 0x7d,
+    0x27, 0xbe, 0x7f, 0x80, 0xe4, 0x36, 0x55, 0xa9, 0x3c, 0x6f, 0xec, 0x27,
+    0xa9, 0x7e, 0xfb, 0x69, 0xbd, 0xfa, 0xa3, 0x7a, 0xc5, 0xc8, 0xc8, 0x3e,
+    0x42, 0x20, 0x80, 0x2e, 0xfb, 0x9c, 0xb8, 0x5b, 0x9a, 0x89, 0x21, 0xbb,
+    0x91, 0x0a, 0xec, 0x75, 0x9e, 0x86, 0xf3, 0x78, 0xe6, 0xbb, 0xc0, 0x7a,
+    0xb8, 0x72, 0xf8, 0x81, 0xd7, 0xf7, 0xb3, 0x6b, 0xb7, 0x29, 0x78, 0xad,
+    0xa2, 0xbb, 0x47, 0x23, 0x1b, 0x0b, 0x12, 0x41, 0x4e, 0xfb, 0x21, 0x1e,
+    0x60, 0xbd, 0x0c, 0xed, 0x62, 0x3c, 0xe7, 0x6e, 0x00, 0x45, 0xcf, 0x5e,
+    0x36, 0xf6, 0x19, 0x77, 0x03, 0xea, 0x95, 0x67, 0x64, 0x12, 0x49, 0x9e,
+    0x84, 0x3c, 0xfc, 0x3b, 0x3d, 0xc8, 0xd5, 0x0e, 0xf4, 0x93, 0x8d, 0xc3,
+    0xb0, 0x10, 0xbc, 0xfe, 0xb4, 0xe0, 0x5f, 0xcf, 0x1a, 0x73, 0x92, 0xfe,
+    0x34, 0x21, 0xf8, 0xc3, 0xfd, 0x5b, 0xba, 0x63, 0x20, 0x8b, 0x80, 0x84,
+    0xda, 0xa0, 0x93, 0x1a, 0x74, 0xcc, 0x6d, 0x61, 0x7c, 0xb8, 0x63, 0xba,
+    0xde, 0x45, 0x26, 0x5d, 0xe6, 0xe6, 0x1a, 0x90, 0xe5, 0xbb, 0xdc, 0x2a,
+    0x8e, 0x32, 0x49, 0xb8, 0xe3, 0x74, 0xee, 0x87, 0x4e, 0xb6, 0x70, 0x05,
+    0x9c, 0x7b, 0x1b, 0x22, 0x63, 0xfb, 0x5d, 0x75, 0x7f, 0x23, 0x00, 0x85,
+    0xf5, 0x32, 0xa0, 0x51, 0xe0, 0x18, 0x2a, 0x0c, 0xe3, 0x33, 0x47, 0x2a,
+    0x17, 0xe6, 0x99, 0xc4, 0xda, 0x1f, 0xf1, 0x49, 0xcb, 0xc3, 0x8c, 0x38,
+    0x22, 0x4d, 0xcd, 0xdf, 0x93, 0xfa, 0x61, 0x3f, 0xd6, 0xb2, 0x73, 0xf3,
+    0x44, 0xe2, 0x70, 0x3d, 0x5c, 0x08, 0x6f, 0xe4, 0x31, 0xc4, 0xae, 0x10,
+    0xdf, 0xf2, 0x3c, 0x30, 0x90, 0xfb, 0x41, 0xe6, 0x48, 0x2f, 0xf4, 0x51,
+    0xe4, 0x95, 0x8a, 0x11, 0xe7, 0x7f, 0x8f, 0xc8, 0xd1, 0xbe, 0x83, 0x59,
+    0xaf, 0x4d, 0x85, 0xbd, 0xa2, 0x89, 0xef, 0xa0, 0x75, 0x12, 0xb2, 0xfd,
+    0x7c, 0x9b, 0x05, 0x59, 0x2b, 0x72, 0x98, 0xdb, 0x11, 0x89, 0x93, 0xd2,
+    0xd0, 0x73, 0x05, 0xf4, 0x8c, 0x28, 0x0f, 0x6c, 0x92, 0xd7, 0x00, 0x9e,
+    0x67, 0x1b, 0x2e, 0xa6, 0xac, 0x4e, 0xca, 0xd4, 0x62, 0xbd, 0xc6, 0x16,
+    0xeb, 0xf1, 0x31, 0x2c, 0x58, 0xe1, 0x35, 0x0d, 0xb9, 0x71, 0x61, 0x7f,
+    0x8e, 0x60, 0x28, 0xec, 0xfc, 0x8b, 0x83, 0x41, 0x18, 0x5e, 0xe1, 0xaf,
+    0x1e, 0x67, 0x29, 0xa9, 0xee, 0xc2, 0xc3, 0x24, 0x28, 0xab, 0x5a, 0x8b,
+    0x0b, 0x53, 0xe8, 0xa9, 0xd8, 0xb2, 0x4c, 0xee, 0xcd, 0x33, 0x16, 0x8d,
+    0xd8, 0xf4, 0xc9, 0x5c, 0x56, 0x8a, 0xe7, 0x76, 0x99, 0x64, 0x25, 0x02,
+    0x91, 0xe5, 0xa3, 0x41, 0x30, 0x3f, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
+    0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x00, 0x80, 0x30, 0x0c,
+    0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
+    0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
+    0x14, 0x31, 0x5b, 0xb3, 0xa2, 0x04, 0x47, 0x84, 0x05, 0x78, 0xcc, 0x0f,
+    0x95, 0x78, 0xa0, 0x56, 0xdd, 0x30, 0x59, 0x4b, 0x28, 0x30, 0x0b, 0x06,
+    0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11, 0x03, 0x82,
+    0x09, 0x75, 0x00, 0x1f, 0xd0, 0xf9, 0x69, 0x2c, 0xd8, 0xd9, 0xc8, 0x43,
+    0x14, 0xa7, 0x5c, 0xa8, 0xc3, 0x3e, 0xe5, 0xda, 0xc8, 0x17, 0xbc, 0xa6,
+    0xfb, 0x9d, 0xda, 0xb5, 0x30, 0x51, 0xa0, 0xc7, 0x21, 0xaf, 0xaa, 0x46,
+    0x79, 0xeb, 0x7c, 0x01, 0x4c, 0xbf, 0x1a, 0x6b, 0xed, 0xd0, 0xc5, 0xe1,
+    0x54, 0x16, 0xec, 0xdb, 0x8c, 0x3c, 0x58, 0x8f, 0x7f, 0x37, 0x7c, 0x92,
+    0x12, 0x73, 0x41, 0x11, 0x5e, 0x35, 0xd9, 0x95, 0xc5, 0x1b, 0x7c, 0x0a,
+    0x38, 0x86, 0x53, 0x74, 0xf5, 0x6d, 0x3f, 0x5f, 0x1e, 0x08, 0x73, 0x26,
+    0x50, 0x6a, 0x40, 0x13, 0xef, 0x6d, 0xb1, 0xf1, 0x39, 0xd8, 0xd8, 0xb3,
+    0x7c, 0x53, 0x3b, 0x95, 0x8d, 0xa3, 0xf9, 0x2f, 0x29, 0x00, 0x97, 0x4a,
+    0x0d, 0xaa, 0xf8, 0xb8, 0xb9, 0x88, 0x24, 0x47, 0xb1, 0x6c, 0x72, 0x55,
+    0xb9, 0x45, 0x0a, 0x64, 0x77, 0x82, 0xb9, 0x8e, 0xe8, 0x22, 0xaf, 0xaa,
+    0xa4, 0x67, 0x84, 0x0c, 0x85, 0x07, 0x61, 0x34, 0xf2, 0x59, 0x1b, 0x32,
+    0x0c, 0x78, 0x92, 0x9f, 0xab, 0x89, 0xae, 0x66, 0x20, 0x80, 0x36, 0xfa,
+    0x3b, 0xa7, 0x72, 0xc1, 0x31, 0x1e, 0x65, 0x2b, 0x03, 0x69, 0xa5, 0xbe,
+    0x06, 0x19, 0x7c, 0x37, 0xeb, 0xe9, 0x4b, 0x1f, 0x00, 0x4b, 0xaf, 0x4c,
+    0xe6, 0x6a, 0xcc, 0xf8, 0xc1, 0x18, 0xc8, 0x07, 0x41, 0x14, 0xb7, 0x7b,
+    0x3f, 0x9e, 0xeb, 0xd1, 0x23, 0x97, 0x83, 0x21, 0xb1, 0xea, 0x47, 0xcd,
+    0xd0, 0x72, 0x15, 0xeb, 0x54, 0x14, 0xb8, 0xe3, 0x70, 0x1b, 0xb2, 0x0a,
+    0x54, 0x00, 0x95, 0x1d, 0x35, 0x06, 0x55, 0x2d, 0x0a, 0xf3, 0xe1, 0x6c,
+    0x8a, 0x6f, 0x91, 0x9d, 0x1d, 0x5d, 0x12, 0xc1, 0xb2, 0x96, 0x9e, 0x33,
+    0x21, 0xc2, 0xf8, 0xae, 0x5a, 0xea, 0xec, 0x44, 0x05, 0x00, 0xb4, 0xef,
+    0xfe, 0x83, 0x01, 0x41, 0x4a, 0xa1, 0xc8, 0xe6, 0x95, 0xdf, 0x4d, 0xd1,
+    0xbb, 0xaf, 0x18, 0xe3, 0x24, 0x8c, 0x03, 0x88, 0xf7, 0x0a, 0x64, 0xad,
+    0x48, 0xc0, 0x79, 0x03, 0x55, 0x88, 0xb9, 0x4d, 0x53, 0xc9, 0x7d, 0x6b,
+    0xcb, 0xc4, 0x7d, 0xd4, 0xf4, 0x9f, 0xee, 0x2b, 0x6b, 0x84, 0x6e, 0xa3,
+    0xc4, 0x64, 0x9a, 0x9c, 0x3d, 0xac, 0xae, 0xcc, 0x1a, 0x61, 0x6e, 0xfc,
+    0xee, 0x9d, 0x7c, 0xb4, 0x87, 0xa2, 0x6e, 0xbc, 0x20, 0xb3, 0x43, 0xc9,
+    0xa3, 0xfb, 0xd1, 0xd8, 0x8e, 0xf9, 0x6d, 0xe9, 0x39, 0xd9, 0x6a, 0xf7,
+    0x9d, 0x3e, 0x3a, 0x0f, 0x05, 0xe4, 0xca, 0x0f, 0xf7, 0x42, 0x2d, 0xc8,
+    0x9a, 0xb5, 0x5a, 0x46, 0xce, 0x14, 0xbe, 0xd9, 0xce, 0x35, 0xed, 0xc5,
+    0x90, 0x8b, 0xe1, 0x4c, 0xa1, 0x4e, 0x22, 0x86, 0x5c, 0x7f, 0x47, 0x96,
+    0xd7, 0x17, 0xd1, 0x11, 0x94, 0x4a, 0x60, 0x18, 0x37, 0x57, 0x71, 0x2a,
+    0xe7, 0xf5, 0xa3, 0x6e, 0x5d, 0x24, 0xb0, 0xa6, 0xca, 0x63, 0x79, 0x2a,
+    0xf6, 0xa0, 0xb2, 0x6c, 0x04, 0x67, 0xdf, 0x5f, 0x49, 0xdf, 0xc5, 0xd8,
+    0x16, 0xca, 0xeb, 0x94, 0xcd, 0xdf, 0x71, 0x43, 0x61, 0x62, 0x71, 0x72,
+    0xcd, 0xd0, 0x76, 0x9b, 0xd8, 0x8a, 0x6a, 0x78, 0xca, 0x3e, 0x88, 0xfb,
+    0x1a, 0x96, 0x58, 0x79, 0xbb, 0x28, 0x31, 0xb2, 0xe4, 0xe1, 0x9f, 0x31,
+    0x77, 0xdf, 0xcf, 0x8a, 0x25, 0xfd, 0xc0, 0x42, 0x81, 0x14, 0xff, 0x83,
+    0xb4, 0xe3, 0x02, 0x25, 0x58, 0xe3, 0x4e, 0x9a, 0x13, 0xf3, 0xa9, 0xa0,
+    0x93, 0x34, 0x4a, 0x53, 0x9e, 0x7d, 0x7a, 0x77, 0xb9, 0xcc, 0x68, 0xd9,
+    0x3a, 0xb9, 0xeb, 0xf9, 0x9f, 0x74, 0x86, 0x0c, 0x36, 0xc3, 0x06, 0x48,
+    0x92, 0x42, 0xaf, 0x5c, 0x8f, 0xd7, 0x5e, 0xba, 0x44, 0xfb, 0x48, 0xdd,
+    0x61, 0xa0, 0xad, 0xd1, 0x9f, 0x9d, 0xd3, 0xd4, 0xc8, 0x07, 0x74, 0x52,
+    0x5f, 0x0a, 0x0e, 0xf7, 0x97, 0x02, 0x2e, 0xed, 0xd1, 0xf8, 0x3f, 0x6a,
+    0x72, 0xab, 0x9c, 0x51, 0xa7, 0x75, 0x51, 0x68, 0x35, 0x6f, 0x39, 0x0c,
+    0xc1, 0x78, 0xc5, 0xcc, 0x0b, 0x15, 0xbc, 0xc5, 0xcb, 0x56, 0xfb, 0xcc,
+    0x44, 0x7e, 0x6e, 0x7b, 0x0f, 0xb2, 0x3c, 0x5a, 0xa0, 0xbb, 0x36, 0x32,
+    0x95, 0x44, 0x7d, 0xcf, 0x47, 0xb8, 0xf4, 0xba, 0x72, 0x2a, 0x4b, 0x33,
+    0xda, 0x44, 0x84, 0x4e, 0xe1, 0x47, 0x94, 0x7b, 0x52, 0x74, 0x01, 0x09,
+    0x30, 0x46, 0xdd, 0x7a, 0xca, 0xb5, 0xdb, 0x19, 0xc5, 0x3a, 0xdb, 0x1d,
+    0xf2, 0x3e, 0x2e, 0x25, 0x2b, 0xa0, 0xd5, 0x0d, 0xaf, 0xfb, 0x09, 0xc0,
+    0xe7, 0x21, 0xf1, 0x8e, 0x20, 0xcc, 0x86, 0x20, 0x47, 0x40, 0xca, 0x8f,
+    0x28, 0xe8, 0x1c, 0x85, 0xa6, 0xfd, 0x7c, 0xb5, 0xe1, 0xdb, 0xaa, 0x12,
+    0xf0, 0xd9, 0x28, 0xe9, 0xe1, 0xe6, 0x81, 0x97, 0x28, 0x6c, 0x1c, 0x5a,
+    0xa5, 0x90, 0xb9, 0xfe, 0x31, 0xc1, 0x3e, 0xb7, 0x96, 0x58, 0xbf, 0xf7,
+    0x30, 0x61, 0xc1, 0x98, 0xef, 0x96, 0x1e, 0x9e, 0x2b, 0x85, 0x92, 0x3d,
+    0x9e, 0x07, 0x4b, 0xeb, 0x12, 0x57, 0x64, 0x70, 0x79, 0x79, 0x3e, 0x4e,
+    0xce, 0xc7, 0x40, 0x2b, 0x39, 0x98, 0x82, 0xfe, 0x3d, 0xb0, 0x0b, 0x82,
+    0x54, 0x2b, 0x17, 0x60, 0xfa, 0xa9, 0x1f, 0x96, 0xe3, 0xd0, 0x0f, 0x45,
+    0x98, 0x80, 0x5d, 0xa0, 0xff, 0x81, 0x2c, 0xad, 0xdf, 0x12, 0x05, 0x58,
+    0x9a, 0x75, 0xab, 0x2d, 0xa8, 0xce, 0xbf, 0xc6, 0x93, 0x5a, 0x10, 0xf5,
+    0x39, 0x14, 0x25, 0x7a, 0x96, 0x00, 0x95, 0xee, 0x72, 0x50, 0xfe, 0x9f,
+    0x95, 0x9f, 0x17, 0x33, 0x8e, 0x7d, 0xd8, 0x54, 0xd5, 0xf0, 0x90, 0x1d,
+    0x57, 0x51, 0x56, 0x32, 0x04, 0xa3, 0xcb, 0x21, 0x4e, 0xb0, 0x07, 0xb0,
+    0x5d, 0x65, 0x92, 0xf9, 0x3a, 0x83, 0x1f, 0x30, 0x01, 0x45, 0x4e, 0xba,
+    0xa3, 0xab, 0x11, 0xe9, 0xf7, 0xc3, 0xc2, 0xe0, 0x73, 0xda, 0xf0, 0xab,
+    0xed, 0xd0, 0x41, 0xe3, 0x7c, 0x38, 0x31, 0xbc, 0x3e, 0xa2, 0x36, 0x8b,
+    0xe2, 0x52, 0x4c, 0xed, 0x63, 0x50, 0x7d, 0xb0, 0x95, 0x36, 0x96, 0xab,
+    0x0e, 0xca, 0x9a, 0x4c, 0x63, 0x68, 0x74, 0x3d, 0x88, 0xa8, 0x2f, 0xed,
+    0xcf, 0xd9, 0xa2, 0xf8, 0xcf, 0xe7, 0x16, 0x97, 0xfb, 0x4f, 0xc8, 0x66,
+    0xa2, 0xf0, 0xca, 0x61, 0x8b, 0xe7, 0x9a, 0xf8, 0xa6, 0x46, 0x20, 0x75,
+    0x16, 0xde, 0xb0, 0xaf, 0xa0, 0xaf, 0x18, 0xc1, 0x8c, 0xed, 0xd7, 0xd3,
+    0x22, 0xf2, 0xce, 0xd9, 0xe5, 0x6c, 0x7c, 0x1a, 0x5f, 0x45, 0xf1, 0x32,
+    0x3a, 0x87, 0x95, 0xbe, 0x83, 0xa0, 0xb8, 0xa7, 0x0e, 0x4b, 0xc0, 0xf8,
+    0xec, 0x5d, 0x2f, 0x94, 0x8c, 0xde, 0xda, 0x1f, 0xfb, 0x48, 0xe1, 0x38,
+    0x99, 0x01, 0x17, 0x02, 0x56, 0xcd, 0x81, 0x04, 0x93, 0xc1, 0xc8, 0xcd,
+    0x3c, 0xc0, 0xe0, 0xe6, 0x5f, 0xc6, 0xb4, 0x4f, 0x75, 0x02, 0xb7, 0x60,
+    0xae, 0x5b, 0x96, 0xa1, 0x87, 0x63, 0x54, 0x28, 0x73, 0xf9, 0xf8, 0x12,
+    0x2a, 0xf1, 0x10, 0xd0, 0x61, 0xbc, 0xeb, 0xa9, 0x12, 0x3d, 0x3c, 0x4a,
+    0x30, 0x3b, 0x01, 0x5b, 0x02, 0xa1, 0x8e, 0xe0, 0x65, 0x96, 0x70, 0x65,
+    0x92, 0xd7, 0x26, 0x3c, 0xa6, 0x98, 0x52, 0xe9, 0x86, 0xb2, 0x9c, 0xeb,
+    0x5c, 0xdc, 0x8a, 0x78, 0xfe, 0x72, 0x83, 0x57, 0xf3, 0x26, 0x2b, 0xcc,
+    0x55, 0x11, 0x85, 0x56, 0xa3, 0x30, 0x38, 0xc3, 0x5f, 0x74, 0x4f, 0xd3,
+    0x94, 0x11, 0xd6, 0x62, 0xa8, 0x75, 0x4b, 0xe8, 0x10, 0x52, 0x33, 0x90,
+    0xea, 0x4a, 0x90, 0x08, 0x43, 0x2a, 0xbf, 0xab, 0xb2, 0x18, 0xc8, 0xc7,
+    0x51, 0xb3, 0x26, 0xda, 0x60, 0xf6, 0x17, 0xdd, 0xe4, 0xdf, 0xbb, 0xf1,
+    0x3f, 0x6a, 0x98, 0xe9, 0x3b, 0x2e, 0xe0, 0x70, 0xe6, 0xbf, 0xd3, 0xea,
+    0x85, 0xc8, 0x95, 0x8d, 0x8e, 0x71, 0x30, 0x32, 0xa3, 0xec, 0x3e, 0x39,
+    0x28, 0xd8, 0x85, 0x11, 0x78, 0xeb, 0x3b, 0x29, 0x1d, 0x42, 0x36, 0xda,
+    0xf1, 0xbe, 0x03, 0x04, 0xbc, 0xe8, 0x42, 0xd6, 0xd7, 0x85, 0x9e, 0x60,
+    0xb0, 0x4e, 0x67, 0xc2, 0xba, 0xc6, 0xd1, 0x4f, 0x46, 0x5f, 0xba, 0x8c,
+    0xa8, 0x53, 0x7f, 0x2b, 0xf6, 0x66, 0x13, 0x65, 0x85, 0x3f, 0x52, 0x7f,
+    0x44, 0x54, 0x93, 0x37, 0x77, 0xea, 0x58, 0x3e, 0xe2, 0x3a, 0x2e, 0x85,
+    0x29, 0x10, 0x97, 0xf1, 0x4e, 0x09, 0xe8, 0x6d, 0x57, 0xad, 0x43, 0x4c,
+    0x6e, 0xf4, 0x71, 0xfe, 0x94, 0x0e, 0x60, 0xa7, 0x4a, 0xca, 0x4b, 0x24,
+    0x60, 0xbb, 0x2d, 0x37, 0xcc, 0x26, 0xf0, 0x46, 0xef, 0x42, 0x7c, 0xba,
+    0xf6, 0xf0, 0x5d, 0x9f, 0xef, 0x04, 0xcd, 0xb6, 0xb4, 0xc4, 0xac, 0x34,
+    0xd5, 0x11, 0xd5, 0xe8, 0x4e, 0xbf, 0x4a, 0x5e, 0xe2, 0xa4, 0xc3, 0x9d,
+    0xc4, 0x9b, 0xab, 0x5d, 0xae, 0x6f, 0x67, 0xd3, 0x93, 0x9b, 0xc3, 0xdb,
+    0x59, 0x0c, 0x0d, 0x21, 0xf3, 0x28, 0x59, 0xe6, 0x72, 0xe1, 0xb7, 0xfe,
+    0xab, 0x34, 0x08, 0xa3, 0xe6, 0xfc, 0xec, 0x53, 0x8a, 0x0f, 0x95, 0x5d,
+    0x0c, 0x9f, 0xef, 0x64, 0x1a, 0xd7, 0x9c, 0x04, 0x36, 0xea, 0x02, 0xc6,
+    0xea, 0xea, 0x0a, 0xca, 0x98, 0x5b, 0x53, 0x12, 0x8c, 0x10, 0x3c, 0x62,
+    0xa1, 0xff, 0x91, 0x94, 0xca, 0xc7, 0xbe, 0x04, 0x5c, 0x0c, 0x60, 0x01,
+    0x47, 0x19, 0xc8, 0x8d, 0x93, 0xa4, 0x5c, 0xce, 0xaa, 0x38, 0xdf, 0xd7,
+    0xe1, 0x63, 0x2a, 0x00, 0xe2, 0x6e, 0x76, 0xd4, 0xb1, 0xd6, 0x20, 0x6d,
+    0x8e, 0xfc, 0xdb, 0x73, 0xe7, 0xcd, 0xab, 0x80, 0x0d, 0x81, 0x83, 0x66,
+    0xf7, 0xfa, 0x48, 0xce, 0xd3, 0xac, 0x37, 0xb4, 0x36, 0x01, 0xe3, 0x0c,
+    0x63, 0xc9, 0xb2, 0xf5, 0x1e, 0x90, 0x77, 0x19, 0x5e, 0xa0, 0x9d, 0xb7,
+    0xec, 0xdd, 0x4c, 0xde, 0x0f, 0x11, 0x2f, 0x8d, 0x10, 0x45, 0xec, 0xf5,
+    0x99, 0x40, 0x7d, 0x2d, 0x9d, 0x53, 0x86, 0x78, 0x29, 0x67, 0xe3, 0xd2,
+    0x8e, 0x62, 0x4f, 0x31, 0xce, 0x9c, 0x03, 0xbb, 0xe1, 0x2f, 0x64, 0x3b,
+    0xb4, 0xcb, 0x5c, 0x9f, 0xa8, 0x0e, 0x0e, 0xac, 0x66, 0x4f, 0xdd, 0xb1,
+    0x92, 0xb4, 0x44, 0x27, 0x08, 0x04, 0x81, 0x34, 0x1d, 0xc8, 0x76, 0x67,
+    0x2b, 0xb9, 0x4a, 0xb6, 0x37, 0xce, 0x65, 0x16, 0x7b, 0x2a, 0xcc, 0x43,
+    0x65, 0x05, 0xa7, 0x1a, 0x45, 0xd2, 0xe8, 0x05, 0x3d, 0x56, 0x25, 0x1a,
+    0x1c, 0x07, 0x45, 0x96, 0xe1, 0x64, 0x5e, 0x27, 0x7f, 0x61, 0x67, 0x0d,
+    0x9e, 0xfa, 0x95, 0x27, 0x8c, 0xa7, 0xa7, 0x1e, 0x21, 0xa5, 0x9c, 0x62,
+    0xcc, 0x59, 0x74, 0x85, 0x18, 0x05, 0x53, 0x60, 0x22, 0xe6, 0xfe, 0xe6,
+    0x0f, 0x11, 0x68, 0xc5, 0x7e, 0xa9, 0x08, 0x9f, 0x3a, 0x1f, 0x2b, 0x6f,
+    0x33, 0x5a, 0x47, 0x1b, 0x1d, 0xdd, 0xa5, 0xdb, 0x3f, 0x70, 0xc1, 0x7e,
+    0xbf, 0x61, 0x54, 0xda, 0xc9, 0x48, 0x6f, 0x0e, 0x0f, 0x1a, 0x39, 0x7b,
+    0x0b, 0x6c, 0x2f, 0x28, 0xe0, 0x0d, 0x0c, 0xd7, 0x3e, 0x6b, 0x9f, 0xf3,
+    0x9b, 0x67, 0x05, 0xd7, 0xca, 0x94, 0x81, 0x7c, 0xb5, 0x97, 0x81, 0xaf,
+    0x0c, 0x15, 0xc7, 0xa5, 0x6b, 0xa8, 0xfa, 0xe3, 0x97, 0x45, 0xda, 0xa8,
+    0x11, 0x2f, 0x8c, 0x3b, 0xf6, 0xe2, 0xe0, 0xaa, 0x9d, 0x47, 0xf2, 0x6a,
+    0x7f, 0xd3, 0xf3, 0xf2, 0x8c, 0xd7, 0xf3, 0x7e, 0x33, 0xf5, 0x26, 0x4a,
+    0x6e, 0x7b, 0xd1, 0xfe, 0xd4, 0x86, 0xe2, 0xe8, 0x16, 0xab, 0x2d, 0x6a,
+    0xc2, 0x63, 0x8b, 0xb5, 0xe2, 0x6f, 0x5a, 0xd4, 0x5e, 0xee, 0x79, 0xac,
+    0x60, 0xa7, 0x45, 0x7f, 0xf2, 0xe4, 0xa7, 0xbe, 0x6d, 0xc8, 0xbd, 0x25,
+    0x35, 0x9b, 0xee, 0xfc, 0x7f, 0xdc, 0xbc, 0x18, 0xb2, 0xd0, 0xfe, 0x4c,
+    0xfc, 0x44, 0x60, 0xb8, 0x5f, 0x79, 0x6c, 0xb3, 0xf4, 0xe8, 0x1b, 0x3b,
+    0xc3, 0x03, 0xfb, 0x64, 0xca, 0x34, 0x57, 0x66, 0x56, 0x38, 0xf6, 0x3d,
+    0x60, 0x9d, 0x65, 0x82, 0x64, 0x98, 0x55, 0x8d, 0xbf, 0xbf, 0xd1, 0x06,
+    0xc2, 0x3b, 0x00, 0x05, 0x56, 0x27, 0xfa, 0x16, 0x89, 0x04, 0x69, 0xb6,
+    0xbd, 0x8d, 0xd4, 0x50, 0x40, 0x3b, 0xd5, 0xcd, 0xcb, 0x24, 0x18, 0x30,
+    0x3c, 0x5a, 0x8b, 0x08, 0x10, 0x88, 0x18, 0x03, 0x9b, 0xff, 0x56, 0xbb,
+    0x8d, 0x9b, 0x51, 0x71, 0x3b, 0xd0, 0x70, 0x84, 0x93, 0x18, 0x24, 0xe7,
+    0xd4, 0xe7, 0x01, 0xa5, 0xe4, 0x04, 0xe1, 0x79, 0xbf, 0x8f, 0x05, 0xdd,
+    0x46, 0xad, 0x14, 0xed, 0x27, 0xff, 0x07, 0xa6, 0xbe, 0x0e, 0xf8, 0xf1,
+    0x7f, 0x39, 0x27, 0x59, 0xd0, 0x14, 0x5e, 0xbe, 0xa0, 0x5d, 0x4d, 0xda,
+    0xcd, 0xef, 0x61, 0xcd, 0xfc, 0x18, 0xba, 0x7f, 0xc9, 0xec, 0xd9, 0xd0,
+    0xec, 0x00, 0xe7, 0xdc, 0xc9, 0x79, 0xfc, 0xc0, 0x09, 0x98, 0x1e, 0x29,
+    0x6b, 0xed, 0x0c, 0xd2, 0x6f, 0xb7, 0x1b, 0x74, 0x35, 0x11, 0xe8, 0xb7,
+    0x93, 0xc2, 0x1a, 0x6f, 0x21, 0xc1, 0x7f, 0xae, 0xfc, 0x79, 0xe4, 0x41,
+    0xad, 0x3d, 0xfd, 0xa4, 0xfd, 0xdb, 0xde, 0x33, 0x29, 0x80, 0x1d, 0xd7,
+    0x1b, 0x31, 0xa3, 0x4c, 0xf0, 0xfc, 0x5e, 0xa4, 0xc3, 0xae, 0x46, 0x56,
+    0x41, 0x17, 0xb4, 0x07, 0xdf, 0x74, 0x67, 0xd5, 0xdb, 0x08, 0x00, 0xe6,
+    0xa8, 0x1a, 0xac, 0xf5, 0x6b, 0x1a, 0x65, 0x77, 0x9e, 0x49, 0xf5, 0xb7,
+    0x85, 0xa2, 0xdc, 0xd5, 0x28, 0x2a, 0xe3, 0x49, 0x57, 0x7e, 0x44, 0xac,
+    0x0f, 0x85, 0xcb, 0xf8, 0xae, 0x8a, 0x01, 0x5a, 0x90, 0x8d, 0xce, 0xf1,
+    0x7f, 0xaf, 0xe1, 0xdc, 0x3d, 0x93, 0x3c, 0x10, 0xa2, 0xd9, 0xae, 0xb7,
+    0x74, 0x56, 0xe4, 0x8a, 0xca, 0x09, 0x2a, 0xde, 0xb9, 0xbe, 0x29, 0xdd,
+    0xae, 0xe0, 0x17, 0xef, 0x5e, 0x4d, 0x22, 0x78, 0xd3, 0xd1, 0xd7, 0x6f,
+    0x24, 0x18, 0xb2, 0x3b, 0xd5, 0xa9, 0xa7, 0x2d, 0xed, 0x3f, 0x95, 0x7e,
+    0x9e, 0x9e, 0xa7, 0x26, 0x8b, 0xda, 0x40, 0xd7, 0xf6, 0x04, 0xb6, 0x6d,
+    0x37, 0x61, 0x1f, 0x87, 0xff, 0xd2, 0x86, 0xcd, 0xf4, 0x50, 0xad, 0x2f,
+    0xe4, 0x95, 0x47, 0x0c, 0x72, 0x40, 0x52, 0xd8, 0x3f, 0x99, 0x09, 0xef,
+    0x7d, 0xe8, 0x24, 0xc7, 0x83, 0xba, 0x32, 0x64, 0x6c, 0x14, 0x21, 0x52,
+    0x71, 0x83, 0x0e, 0x9a, 0xbd, 0x6d, 0x99, 0xdd, 0x96, 0xd0, 0x95, 0xed,
+    0x40, 0x69, 0x69, 0xa6, 0x91, 0x89, 0xb2, 0x83, 0x31, 0x1d, 0x76, 0x91,
+    0xbe, 0xc1, 0xc9, 0xa7, 0xeb, 0x93, 0x44, 0x32, 0xda, 0xd0, 0xf3, 0xa4,
+    0xa1, 0xfb, 0x21, 0xb7, 0xc9, 0x27, 0x77, 0x5d, 0xf8, 0x00, 0xf7, 0xe0,
+    0x4c, 0x3e, 0x8d, 0x36, 0xc8, 0xdb, 0x2f, 0xae, 0xfe, 0x46, 0x59, 0xcd,
+    0xd7, 0xb9, 0x7f, 0xa1, 0xc1, 0xca, 0xec, 0xf6, 0x6e, 0x43, 0x2a, 0x9a,
+    0xcf, 0x8e, 0xc3, 0xfe, 0x09, 0x44, 0xa8, 0x28, 0x9d, 0xf0, 0x4f, 0x2d,
+    0x44, 0x7f, 0xc6, 0x3f, 0x7b, 0xe5, 0x9b, 0xd4, 0xa9, 0xfd, 0x7b, 0x22,
+    0x53, 0x70, 0x34, 0x29, 0xa7, 0x91, 0x04, 0xd6, 0x18, 0x48, 0x0f, 0xd3,
+    0x3c, 0x78, 0x69, 0xe0, 0x2f, 0x30, 0xb2, 0xe5, 0x65, 0x7a, 0xda, 0xba,
+    0x43, 0x60, 0x91, 0x02, 0x44, 0x19, 0xa7, 0x17, 0xdd, 0x0e, 0x4e, 0x90,
+    0x19, 0x21, 0xb5, 0x96, 0x40, 0x49, 0xbc, 0x9c, 0xec, 0x6c, 0x8a, 0x2d,
+    0x51, 0xc5, 0x76, 0x58, 0xd9, 0x1a, 0xcf, 0x50, 0x75, 0x31, 0xf8, 0xd6,
+    0xc3, 0xe4, 0x82, 0x25, 0x2e, 0xf2, 0x7b, 0x95, 0xe6, 0x82, 0x88, 0xd8,
+    0xcd, 0x6d, 0x16, 0xf8, 0x0e, 0x24, 0x02, 0x4f, 0x6d, 0x0b, 0x62, 0x4e,
+    0x10, 0xf2, 0xde, 0xc9, 0xb6, 0xa9, 0x57, 0xbe, 0x9b, 0x3a, 0x32, 0x1d,
+    0xd5, 0x5a, 0xcc, 0xcf, 0x94, 0xac, 0xb0, 0x11, 0x89, 0xe6, 0xc2, 0xb2,
+    0x6d, 0x8c, 0x79, 0xc0, 0xf6, 0x67, 0x75, 0xfb, 0xc1, 0xfb, 0x90, 0x3b,
+    0xe1, 0xe7, 0x83, 0x74, 0x94, 0x7b, 0xb0, 0x05, 0xd4, 0x71, 0x4f, 0x5d,
+    0xf5, 0x43, 0xd9, 0x66, 0x90, 0x91, 0x35, 0xb7, 0x05, 0x90, 0x1a, 0x4f,
+    0xc7, 0x7b, 0xdb, 0x47, 0x25, 0x57, 0x81, 0x9d, 0xa3, 0x65, 0x11, 0xec,
+    0xa3, 0xde, 0xae, 0xb6, 0xa0, 0x4f, 0x62, 0xeb, 0x33, 0xfa, 0xbc, 0x04,
+    0x7b, 0x24, 0xe5, 0x30, 0xba, 0x13, 0xac, 0xdb, 0x6d, 0xc7, 0xc4, 0x98,
+    0x1e, 0xf0, 0x0d, 0x76, 0x44, 0xdd, 0xde, 0x9f, 0x01, 0x96, 0xc6, 0xe7,
+    0x06, 0xdd, 0x89, 0xf9, 0xe7, 0x41, 0xc4, 0x90, 0x7f, 0x4f, 0x0c, 0x1f,
+    0xb0, 0x0f, 0x96, 0xc8, 0x50, 0x76, 0xe4, 0xda, 0xd4, 0x85, 0x0d, 0xcd,
+    0x33, 0x6a, 0xf3, 0x0b, 0x98, 0xe2, 0x55, 0x58, 0x76, 0x2f, 0x0d, 0x99,
+    0x84, 0xad, 0xcb, 0x5b, 0x4f, 0xf4, 0x77, 0xa3, 0xb5, 0x37, 0x3a, 0x4a,
+    0xa7, 0xbd, 0x70, 0x83, 0x5b, 0x53, 0x13, 0x50, 0x15, 0x82, 0xd6, 0xca,
+    0x5e, 0x2a, 0x6e, 0x63, 0x84, 0x66, 0x50, 0xbb, 0x91, 0x5a, 0x4b, 0x14,
+    0xbe, 0x3c, 0xaa, 0xc7, 0x44, 0x81, 0xb4, 0xc7, 0x37, 0x17, 0x6d, 0x02,
+    0xe4, 0xc0, 0x65, 0x1c, 0xc3, 0x4c, 0xe3, 0xa8, 0x2f, 0xea, 0xb7, 0x0d,
+    0x37, 0x13, 0xf8, 0x7e, 0x95, 0xc3, 0xee, 0xb8, 0x77, 0x24, 0x0f, 0x39,
+    0xb0, 0xf4, 0x85, 0xc1, 0x44, 0x2d, 0xf8, 0x4d, 0xd7, 0x69, 0x63, 0xec,
+    0x5d, 0x41, 0xb9, 0x85, 0x7f, 0xbf, 0x70, 0x65, 0x80, 0x34, 0x86, 0xcd,
+    0xd7, 0x22, 0x74, 0x27, 0x41, 0xb5, 0x4f, 0x51, 0xdd, 0xbe, 0xee, 0x0e,
+    0x14, 0x18, 0x23, 0x2a, 0x2b, 0x36, 0x37, 0x45, 0x76, 0x7e, 0x98, 0xa1,
+    0xa3, 0xb4, 0xb7, 0xc7, 0xd8, 0xec, 0x11, 0x1d, 0x45, 0x56, 0x60, 0x72,
+    0x7f, 0x91, 0x95, 0xac, 0xb0, 0xb1, 0xb3, 0xd1, 0xd9, 0xe2, 0x11, 0x1d,
+    0x2a, 0x36, 0x3c, 0x7e, 0x92, 0x9c, 0xc1, 0xe0, 0xf2, 0xf7, 0x1c, 0x21,
+    0x22, 0x2c, 0x2f, 0x44, 0x58, 0x5e, 0x64, 0x7a, 0x82, 0x91, 0x9b, 0xb9,
+    0xce, 0xd3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x23, 0x2f, 0x3f,
 };
-static unsigned int mcu_device_cert_size = 2;
+static unsigned int mcu_device_cert_size = 4067;

From 542037414bdb2f2f18aa9fea5a2078ead8005421 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
Date: Tue, 12 May 2026 15:00:25 +0200
Subject: [PATCH 9/9] chore(core): add testing tropic attestation key and
 certificate

[no changelog]
---
 core/tools/generate_tropic_model_config.py | 105 ++-------------------
 tests/tropic_model/README.md               |  24 +----
 tests/tropic_model/base_config.yml         |  43 +++++++++
 tests/tropic_model/config.yml              |  41 +++++---
 tests/tropic_model/root_cert.pem           |   9 --
 tests/tropic_model/root_key.pem            |   3 -
 tests/tropic_model/tropic_key.pem          |   3 -
 7 files changed, 81 insertions(+), 147 deletions(-)
 create mode 100644 tests/tropic_model/base_config.yml
 delete mode 100644 tests/tropic_model/root_cert.pem
 delete mode 100644 tests/tropic_model/root_key.pem
 delete mode 100644 tests/tropic_model/tropic_key.pem

diff --git a/core/tools/generate_tropic_model_config.py b/core/tools/generate_tropic_model_config.py
index 052e0ffffd6..2d111f74c01 100755
--- a/core/tools/generate_tropic_model_config.py
+++ b/core/tools/generate_tropic_model_config.py
@@ -1,27 +1,16 @@
 #!/usr/bin/env python3
 
-import hashlib
 import os
 from pathlib import Path
 
 import click
 import yaml
-from cryptography import x509
-from cryptography.hazmat.primitives import serialization
 
 HERE = Path(__file__).parent
 ROOT = HERE.parent.parent.resolve()
 CONFIG_DIR = ROOT / "tests" / "tropic_model"
 DEST_PATH = CONFIG_DIR / "config.yml"
-
-# private key used by the Tropic model to sign
-TROPIC_KEY = CONFIG_DIR / "tropic_key.pem"
-
-# certificate of the Tropic model - signed by the root authority
-TROPIC_CERT = CONFIG_DIR / "tropic_cert.pem"
-
-# certificate of the root authority
-ROOT_CERT = CONFIG_DIR / "root_cert.pem"
+BASE_CONFIG = CONFIG_DIR / "base_config.yml"
 
 VENDOR_CONFIG_DIR = ROOT / "vendor" / "ts-tvl" / "model_configs" / "example_config"
 EXTRA_FILES = [
@@ -34,83 +23,22 @@
 @click.command()
 @click.option("--check", is_flag=True)
 def generate_config(check: bool) -> None:
-    tropic_key = serialization.load_pem_private_key(
-        TROPIC_KEY.read_bytes(), password=None
-    )
-
-    tropic_a = tropic_key.public_key().public_bytes(
-        encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw
-    )
-
-    tropic_private_key_bytes = tropic_key.private_bytes(
-        encoding=serialization.Encoding.Raw,
-        format=serialization.PrivateFormat.Raw,
-        encryption_algorithm=serialization.NoEncryption(),
-    )
-
-    # perform clamping
-    # https://www.jcraige.com/an-explainer-on-ed25519-clamping
-    h = hashlib.sha512(tropic_private_key_bytes).digest()
-    tropic_s = bytearray(h[:32])
-    tropic_s[0] &= 248
-    tropic_s[31] &= 63
-    tropic_s[31] |= 64
-    tropic_s = bytes(tropic_s)
-
-    tropic_prefix = hashlib.sha512(tropic_s).digest()[:32]
-
-    tropic_cert = x509.load_pem_x509_certificate(TROPIC_CERT.read_bytes())
-    tropic_cert_der_bytes = tropic_cert.public_bytes(serialization.Encoding.DER)
-
-    root_cert = x509.load_pem_x509_certificate(ROOT_CERT.read_bytes())
-    root_cert_der_bytes = root_cert.public_bytes(serialization.Encoding.DER)
-
-    # certificate chain with the length prefix
-    all_cert_bytes = (
-        (len(tropic_cert_der_bytes) + len(root_cert_der_bytes)).to_bytes(2, "big")
-        + tropic_cert_der_bytes
-        + root_cert_der_bytes
-    )
-
-    SLOT_LEN = 444
-
-    # make sure they fit in 3 slots, which is what we have available
-    assert len(all_cert_bytes) < SLOT_LEN * 3
-
-    # split the data in 3 slots
-    slot_1_bytes = all_cert_bytes[:SLOT_LEN]
-    slot_2_bytes = all_cert_bytes[SLOT_LEN : SLOT_LEN * 2]
-    slot_3_bytes = all_cert_bytes[SLOT_LEN * 2 : SLOT_LEN * 3]
-
-    # save the data starting at slot 3
-    # see https://github.com/trezor/trezor-firmware/blob/main/core/embed/sec/tropic/inc/sec/tropic.h#L31
-    TROPIC_DEVICE_CERT_FIRST_SLOT = 3
-    user_data = {}
-    for i, data in enumerate([slot_1_bytes, slot_2_bytes, slot_3_bytes]):
-        if len(data) != 0:
-            if len(data) < SLOT_LEN:  # pad last slot
-                data += b"\x00" * (SLOT_LEN - len(data))
-            user_data[TROPIC_DEVICE_CERT_FIRST_SLOT + i] = {"value": data}
-
     config_dict = {
         "s_t_priv": "tropic01_ese_private_key_1.pem",
         "s_t_pub": "tropic01_ese_public_key_1.pem",
         "x509_certificate": "tropic01_ese_certificate_1.pem",
         "debug_random_value": b"\x00\xc0\xff\xee",
-        "r_user_data": user_data,  # certificate chain
-        "r_ecc_keys": {  # signing key at index 0
-            0: {
-                "a": tropic_a,
-                "s": tropic_s,
-                "prefix": tropic_prefix,
-                "origin": 2,  # imported key
-            }
-        },
         "riscv_fw_version": "1.0.0",  # Version of the RISCV Firmware (also know as Application FW) used in TS7 devices
         "spect_fw_version": "1.0.0",
     }
 
-    config = yaml.dump(config_dict)
+    base_config = yaml.safe_load(BASE_CONFIG.read_text())
+    overlap = config_dict.keys() & base_config.keys()
+    if overlap:
+        raise click.ClickException(
+            f"Key collision between base_config and generated config: {overlap}"
+        )
+    config = yaml.dump({**base_config, **config_dict})
 
     if check:
         if not DEST_PATH.exists():
@@ -128,24 +56,11 @@ def generate_config(check: bool) -> None:
                 print(f"{extra_file_dest} is out of date")
                 raise click.ClickException("Extra config file is out of date")
     else:
-        tropic_key_stat = TROPIC_KEY.stat()
-        tropic_cert_stat = TROPIC_CERT.stat()
-        root_cert_stat = ROOT_CERT.stat()
         DEST_PATH.write_text(config)
+        base_config_stat = BASE_CONFIG.stat()
         os.utime(
             DEST_PATH,
-            ns=(
-                max(
-                    tropic_key_stat.st_atime_ns,
-                    tropic_cert_stat.st_atime_ns,
-                    root_cert_stat.st_atime_ns,
-                ),
-                max(
-                    tropic_key_stat.st_mtime_ns,
-                    tropic_cert_stat.st_mtime_ns,
-                    root_cert_stat.st_mtime_ns,
-                ),
-            ),
+            ns=(base_config_stat.st_atime_ns, base_config_stat.st_mtime_ns),
         )
 
         for extra_file in EXTRA_FILES:
diff --git a/tests/tropic_model/README.md b/tests/tropic_model/README.md
index f5c20cceb14..52c6f07e847 100644
--- a/tests/tropic_model/README.md
+++ b/tests/tropic_model/README.md
@@ -4,29 +4,7 @@ The Tropic model requires:
  * (I) a keypair and a certificate it will use to communicate to the host (`tropic01_ese_*`) - these are simply copied from [example_config](https://github.com/tropicsquare/ts-tvl/tree/master/model_configs/example_config)
  * (II) a certificate chain and a keypair that will be used during Trezor's authenticity check
 
-The root key, certificate chain and keypair are generated using these commands:
-
-```
-# generate root keypair
-openssl genpkey -algorithm Ed25519 -out root_key.pem
-openssl pkey -in root_key.pem -pubout -out root_pubkey.pem
-
-# see the root pubkey - to be used in test
-openssl pkey -in root_pubkey.pem -pubin -outform DER | tail -c 32 | xxd -p -c 256
-
-# generate root certificate (signed by the root key)
-openssl req -new -x509 -key root_key.pem -out root_cert.pem -days 36500
-
-# generate device key pair
-openssl genpkey -algorithm Ed25519 -out tropic_key.pem
-openssl pkey -in tropic_key.pem -pubout -out tropic_pubkey.pem
-
-# generate certificate signing request
-openssl req -new -key tropic_key.pem -out tropic.csr -subj "/CN=T3W1"
-
-# use the signing request to generate a device certificate signed by the authority
-openssl x509 -req -in tropic.csr -CA root_cert.pem -CAkey root_key.pem -CAcreateserial -out tropic_cert.pem -days 36500
-```
+ The root key, certificate chain, and keypair were generated by provisioning a prodtest emulator using testing keys and copying the Tropic model's saved config.
 
 `ts-tvl` then uses a YAML config file to load the above keys and certificates.
  * (I) go into: `s_t_priv`, `s_t_pub` and `x509_certificate` as required by [`ts-tvl`](https://github.com/tropicsquare/ts-tvl/blob/master/model_configs/example_config/example_config.yml)
diff --git a/tests/tropic_model/base_config.yml b/tests/tropic_model/base_config.yml
new file mode 100644
index 00000000000..6912c0edae2
--- /dev/null
+++ b/tests/tropic_model/base_config.yml
@@ -0,0 +1,43 @@
+r_ecc_keys:
+  0:
+    a: !!binary |
+      9oDGtfPu3mRwCJaejPsZ//YkEh8NfwIrKr7N+WxNoEE=
+    origin: 1
+    prefix: !!binary |
+      CnPByiITyYOnUGxdTN8cqFJPe0GvBmHAKQ3KdYcxeIw=
+    s: !!binary |
+      /ax6IByM43A2QFc8ZhtxuCTUKnI4aN92uMu/jyTzdgg=
+r_user_data:
+  3:
+    free: false
+    value: !!binary |
+      A1gwggGPMIIBQaADAgECAghp+14Y3dtpRTAFBgMrZXAwTzELMAkGA1UEBhMCQ1oxHjAcBgNVBAoM
+      FVRyZXpvciBDb21wYW55IHMuci5vLjEgMB4GA1UEAwwXVHJlem9yIE1hbnVmYWN0dXJpbmcgQ0Ew
+      IBcNMjYwNTA2MTUyODI1WhgPMjA1NjA1MDYxNTI4MjVaMEcxGzAZBgNVBAMMElQzVzEgVHJlem9y
+      IFNhZmUgNzEXMBUGA1UEBRMOMTIzNDU2Nzg5MDEyMzQxDzANBgNVBC4TBlRyb3BpYzAqMAUGAytl
+      cAMhAPaAxrXz7t5kcAiWnoz7Gf/2JBIfDX8CKyq+zflsTaBBo0EwPzAOBgNVHQ8BAf8EBAMCAIAw
+      DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQUqVoIj2To/jFMcZRn6iOSWgNFLzAFBgMrZXADQQBS
+      7OZFc++tY4vDy3H/9P/P96iu6Nj/Acc73sQn6I8U4QwuWo8BG/CPfOLC9Q0uyft0c/8D6bQZtJEo
+      pnz74u0PMIIBwTCCAXOgAwIBAgIIafteGJa66SowBQYDK2VwMFQxCzAJBgNV
+  4:
+    free: false
+    value: !!binary |
+      BAYTAkNaMR4wHAYDVQQKDBVUcmV6b3IgQ29tcGFueSBzLnIuby4xJTAjBgNVBAMMHFRyZXpvciBN
+      YW51ZmFjdHVyaW5nIFJvb3QgQ0EwIBcNMjYwNTA2MTUyODI1WhgPMjA1NjA1MDYxNTI4MjVaME8x
+      CzAJBgNVBAYTAkNaMR4wHAYDVQQKDBVUcmV6b3IgQ29tcGFueSBzLnIuby4xIDAeBgNVBAMMF1Ry
+      ZXpvciBNYW51ZmFjdHVyaW5nIENBMCowBQYDK2VwAyEAWoUPt8reO7zfK2QepOuUtKibeX8UN+bL
+      tw82YFfo23mjZjBkMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
+      BBQUqVoIj2To/jFMcZRn6iOSWgNFLzAfBgNVHSMEGDAWgBRUnfqULSF0erM7XBrqPsO7p7D5IjAF
+      BgMrZXADQQCAIPusstEozIfzhnlCV/wuwHwJ/4s/Rv/0ElSpa04rvf3XO0DwsD3O2WCjhLdOrcHK
+      65q6wWdPfDvsoKNcFMsLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+  5:
+    free: false
+    value: !!binary |
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
diff --git a/tests/tropic_model/config.yml b/tests/tropic_model/config.yml
index 0a5014b0157..d113703f83c 100644
--- a/tests/tropic_model/config.yml
+++ b/tests/tropic_model/config.yml
@@ -3,27 +3,40 @@ debug_random_value: !!binary |
 r_ecc_keys:
   0:
     a: !!binary |
-      /znnOD2vDW1Znx2ymKbAur+8R+x3vj8uL/e5VUqnH38=
-    origin: 2
+      9oDGtfPu3mRwCJaejPsZ//YkEh8NfwIrKr7N+WxNoEE=
+    origin: 1
     prefix: !!binary |
-      a2BLVJLG4DGBZBPl5ipLvlLOj8zovqvCgejgJtWKGw8=
+      CnPByiITyYOnUGxdTN8cqFJPe0GvBmHAKQ3KdYcxeIw=
     s: !!binary |
-      2JitRIPXXNvDPBcYOyKAWEEGn1k97MfNKx+z4/kNQEk=
+      /ax6IByM43A2QFc8ZhtxuCTUKnI4aN92uMu/jyTzdgg=
 r_user_data:
   3:
+    free: false
     value: !!binary |
-      AhwwgeUwgZgCFAYbogFv5WvsoMxMwanH3uF4NejHMAUGAytlcDANMQswCQYDVQQGEwJDWjAgFw0y
-      NTEwMDExNTU5MjBaGA8yMTI1MDkwNzE1NTkyMFowHDELMAkGA1UEBhMCQ1oxDTALBgNVBAMMBFQz
-      VzEwKjAFBgMrZXADIQD/Oec4Pa8NbVmfHbKYpsC6v7xH7He+Py4v97lVSqcffzAFBgMrZXADQQC/
-      Sg/OI9Oa4IcjAGkqswmsZY782uzrHqqOdb8C9QHMQEJFKggXH39rxtXRU2kmj+ryTkYNA4vUhIKm
-      +zvKUGkEMIIBMDCB46ADAgECAhRMR5WXXWH8xNquZfZtCCchQO757TAFBgMrZXAwDTELMAkGA1UE
-      BhMCQ1owIBcNMjUxMDAxMTUzMzA2WhgPMjEyNTA5MDcxNTMzMDZaMA0xCzAJBgNVBAYTAkNaMCow
-      BQYDK2VwAyEAGrHF8S9FcODeXBao2f7qOB9TyNgT/usOsvt/OT8ra1+jUzBRMB0GA1UdDgQWBBSY
-      DtrUTbT8JI4eHR/OIHl787VZ1zAfBgNVHSMEGDAWgBSYDtrUTbT8JI4eHR/O
+      A1gwggGPMIIBQaADAgECAghp+14Y3dtpRTAFBgMrZXAwTzELMAkGA1UEBhMCQ1oxHjAcBgNVBAoM
+      FVRyZXpvciBDb21wYW55IHMuci5vLjEgMB4GA1UEAwwXVHJlem9yIE1hbnVmYWN0dXJpbmcgQ0Ew
+      IBcNMjYwNTA2MTUyODI1WhgPMjA1NjA1MDYxNTI4MjVaMEcxGzAZBgNVBAMMElQzVzEgVHJlem9y
+      IFNhZmUgNzEXMBUGA1UEBRMOMTIzNDU2Nzg5MDEyMzQxDzANBgNVBC4TBlRyb3BpYzAqMAUGAytl
+      cAMhAPaAxrXz7t5kcAiWnoz7Gf/2JBIfDX8CKyq+zflsTaBBo0EwPzAOBgNVHQ8BAf8EBAMCAIAw
+      DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQUqVoIj2To/jFMcZRn6iOSWgNFLzAFBgMrZXADQQBS
+      7OZFc++tY4vDy3H/9P/P96iu6Nj/Acc73sQn6I8U4QwuWo8BG/CPfOLC9Q0uyft0c/8D6bQZtJEo
+      pnz74u0PMIIBwTCCAXOgAwIBAgIIafteGJa66SowBQYDK2VwMFQxCzAJBgNV
   4:
+    free: false
     value: !!binary |
-      IHl787VZ1zAPBgNVHRMBAf8EBTADAQH/MAUGAytlcANBAD2wmHseXqtUk2QJuwRUpdoestUlhKGR
-      xrD1yhY8fxCvCzU+b4qZffXCyyk4qgDiTgdNHMz04zL6nKcNhT+geAQAAAAAAAAAAAAAAAAAAAAA
+      BAYTAkNaMR4wHAYDVQQKDBVUcmV6b3IgQ29tcGFueSBzLnIuby4xJTAjBgNVBAMMHFRyZXpvciBN
+      YW51ZmFjdHVyaW5nIFJvb3QgQ0EwIBcNMjYwNTA2MTUyODI1WhgPMjA1NjA1MDYxNTI4MjVaME8x
+      CzAJBgNVBAYTAkNaMR4wHAYDVQQKDBVUcmV6b3IgQ29tcGFueSBzLnIuby4xIDAeBgNVBAMMF1Ry
+      ZXpvciBNYW51ZmFjdHVyaW5nIENBMCowBQYDK2VwAyEAWoUPt8reO7zfK2QepOuUtKibeX8UN+bL
+      tw82YFfo23mjZjBkMA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW
+      BBQUqVoIj2To/jFMcZRn6iOSWgNFLzAfBgNVHSMEGDAWgBRUnfqULSF0erM7XBrqPsO7p7D5IjAF
+      BgMrZXADQQCAIPusstEozIfzhnlCV/wuwHwJ/4s/Rv/0ElSpa04rvf3XO0DwsD3O2WCjhLdOrcHK
+      65q6wWdPfDvsoKNcFMsLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+  5:
+    free: false
+    value: !!binary |
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
       AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
       AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
       AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
diff --git a/tests/tropic_model/root_cert.pem b/tests/tropic_model/root_cert.pem
deleted file mode 100644
index fe460ee4917..00000000000
--- a/tests/tropic_model/root_cert.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBMDCB46ADAgECAhRMR5WXXWH8xNquZfZtCCchQO757TAFBgMrZXAwDTELMAkG
-A1UEBhMCQ1owIBcNMjUxMDAxMTUzMzA2WhgPMjEyNTA5MDcxNTMzMDZaMA0xCzAJ
-BgNVBAYTAkNaMCowBQYDK2VwAyEAGrHF8S9FcODeXBao2f7qOB9TyNgT/usOsvt/
-OT8ra1+jUzBRMB0GA1UdDgQWBBSYDtrUTbT8JI4eHR/OIHl787VZ1zAfBgNVHSME
-GDAWgBSYDtrUTbT8JI4eHR/OIHl787VZ1zAPBgNVHRMBAf8EBTADAQH/MAUGAytl
-cANBAD2wmHseXqtUk2QJuwRUpdoestUlhKGRxrD1yhY8fxCvCzU+b4qZffXCyyk4
-qgDiTgdNHMz04zL6nKcNhT+geAQ=
------END CERTIFICATE-----
diff --git a/tests/tropic_model/root_key.pem b/tests/tropic_model/root_key.pem
deleted file mode 100644
index 0274cea9217..00000000000
--- a/tests/tropic_model/root_key.pem
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIFia80j5qUKXL7JjYDHMKeubqMyC5aljqbu4fhO1FDJV
------END PRIVATE KEY-----
diff --git a/tests/tropic_model/tropic_key.pem b/tests/tropic_model/tropic_key.pem
deleted file mode 100644
index 49e6a8f70e6..00000000000
--- a/tests/tropic_model/tropic_key.pem
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN PRIVATE KEY-----
-MC4CAQAwBQYDK2VwBCIEIKhBm/4pWnrgnqyx/uqbGD7iSaPoWIGGwQmjLz3baBrr
------END PRIVATE KEY-----